diff --git a/deployment/.env b/deployment/.env index 9ecdb5e95..83003feae 100644 --- a/deployment/.env +++ b/deployment/.env @@ -11,7 +11,7 @@ DOCX_APP_TAG=0.0.8 JSON_APP_TAG=0.0.6 ZENODO_APP_TAG=2.0.4 POSTGRES_TAG=16-alpine -ELK_VERSION=8.13.12 +ELK_VERSION=8.13.0 KEYCLOAK_TAG=24.0.2 RABBITMQ_TAG=3.13-management GOTENBERG_TAG=8.4.0 diff --git a/deployment/docker-compose.override.yml b/deployment/docker-compose.override.yml index ea6163e6b..1662d7aa9 100644 --- a/deployment/docker-compose.override.yml +++ b/deployment/docker-compose.override.yml @@ -1,23 +1,24 @@ services: ############################## PROXY ######################################## - # opendmp.proxy: - # user: ${DEPLOY_USER}:${DEPLOY_GROUP} - # restart: unless-stopped - # cpus: 1 - # mem_limit: 256m - # ports: - # - "${PROXY_APP_PORT}:8081" - # - "${PROXY_MS_PORT}:8082" - # env_file: - # - proxy/proxy.env - # volumes: - # - proxy/nginx.conf:/etc/nginx/nginx.conf - # - proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf - # - proxy/nginx-selfsigned.crt:/certifcates/cert.crt - # - proxy/nginx-selfsigned.key:/certifcates/key.key - # - logs/proxy:/tmp/logs - # networks: - # - opendmp-proxy-network + opendmp.proxy: + user: ${DEPLOY_USER}:${DEPLOY_GROUP} + restart: unless-stopped + cpus: 1 + mem_limit: 256m + ports: + - "${PROXY_APP_PORT}:8081" + - "${PROXY_MS_PORT}:8082" + env_file: + - ./proxy/proxy.env + volumes: + # - ./proxy/template-variables:/etc/nginx/templates/10-variables.conf.template:ro + - ./proxy/nginx.conf:/etc/nginx/nginx.conf + - ./proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf + - ./proxy/nginx-selfsigned.crt:/certifcates/cert.crt + - ./proxy/nginx-selfsigned.key:/certifcates/key.key + - ./logs/proxy:/tmp/logs + networks: + - opendmp-proxy-network ############################## OPENDMP APP ################################# # opendmp.backend: 
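Review bot: The proxy's TLS private key and nginx configuration are bind-mounted read-write in the new `volumes:` list (`./proxy/nginx-selfsigned.key:/certifcates/key.key`, the `.crt`, and the two `.conf` files), while the keycloak service in this same file mounts its certificate and key with `:ro`. A compromised or misbehaving process in the proxy container could then overwrite the key or the proxy config on the host. Append `:ro` to the four file mounts, e.g. `- ./proxy/nginx-selfsigned.key:/certifcates/key.key:ro`, and leave only `./logs/proxy:/tmp/logs` writable. The `opendmp-realm.json` import in the keycloak `volumes:` hunk further down has the same gap.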
@@ -171,67 +172,73 @@ services: # - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only - "${POSTGRES_PORT}:5432" env_file: - - postgres/postgres.env + - ./postgres/postgres.env volumes: - ./storage/postgres/data:/var/lib/postgresql/data networks: - opendmp-postgres-shared-network + healthcheck: + test: ["CMD-SHELL", "sh -c 'pg_isready -U opendmp-psql -d opendmp'"] + interval: 15s + timeout: 60s + retries: 5 + ################################# ELK ################################################# -# opendmp.elasticsearch: -# user: ${DEPLOY_USER}:${DEPLOY_GROUP} -# group_add: -# - 0 -# restart: unless-stopped -# cpus: 2 -# mem_limit: 1024m -# env_file: -# - elk/config-elk/elasticsearch/elastic.env -# environment: -# - "ES_JAVA_OPTS=-Xmx512m -Xms512m" -# ulimits: -# nproc: 65535 -# memlock: -# soft: -1 -# hard: -1 -# volumes: -# - elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates -# - elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro -# - elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro -# - elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data -# - elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs -# expose: -# - "9200" -# - "9300" -# networks: -# - opendmp-elastic-network -# - opendmp-elastic-shared-network -# healthcheck: -# test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? 
== 52 ]]; then echo 0; else echo 1; fi -# interval: 30s -# timeout: 10s -# retries: 5 + # opendmp.elasticsearch: + # user: ${DEPLOY_USER}:${DEPLOY_GROUP} + # group_add: + # - 0 + # restart: unless-stopped + # cpus: 2 + # mem_limit: 1024m + # env_file: + # - elk/config-elk/elasticsearch/elastic.env + # environment: + # - ES_JAVA_OPTS=-Xmx512m -Xms512m + # ulimits: + # nproc: 65535 + # memlock: + # soft: -1 + # hard: -1 + # volumes: + # - ./elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates + # - ./elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro + # - ./elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro + # - ./elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data + # - ./elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs + # expose: + # - "9200" + # - "9300" + # networks: + # - opendmp-elastic-network + # - opendmp-elastic-shared-network + # healthcheck: + # test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? 
== 52 ]]; then echo 0; else echo 1; fi + # interval: 30s + # timeout: 10s + # retries: 5 # # opendmp.logstash: # # volumes: # # - /elk/data-elk/logstash-log:/usr/share/logstash/logs -# opendmp.kibana: -# user: ${DEPLOY_USER}:${DEPLOY_GROUP} -# restart: unless-stopped -# cpus: 2 -# mem_limit: 1024m -# environment: -# - xpack.license.self_generated.type=basic -# - xpack.security.enabled=true -# volumes: -# - elk/config-elk/kibana/certificates:/usr/share/kibana/certificates -# - elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities -# - elk/config-elk/kibana/config:/usr/share/kibana/config:ro -# expose: -# - "5601" -# networks: -# - opendmp-elastic-network + # opendmp.kibana: + # user: ${DEPLOY_USER}:${DEPLOY_GROUP} + # restart: unless-stopped + # cpus: 2 + # mem_limit: 1024m + # environment: + # - xpack.license.self_generated.type=basic + # - xpack.security.enabled=true + # volumes: + # - ./elk/config-elk/kibana/certificates:/usr/share/kibana/certificates + # - ./elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities + # - ./elk/config-elk/kibana/config:/usr/share/kibana/config:ro + # expose: + # - "5601" + # networks: + # - opendmp-elastic-network # # opendmp.filebeat: @@ -240,6 +247,7 @@ services: opendmp.keycloak: restart: unless-stopped command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"] + # command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log"] cpus: 1 mem_limit: 1024M security_opt: 
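Review bot: The new postgres `healthcheck` can report healthy before the database is usable, because `pg_isready` only checks that a server accepts connections; it does not authenticate or confirm that the `opendmp` database or the `opendmp-psql` role exists. Without `-h` it probes the local socket, which the official image's entrypoint also serves, as far as I know, while the init scripts are still running. This matters because keycloak now waits on `condition: service_healthy` and its database is created by `user_init.sql`. Consider `test: ["CMD-SHELL", "pg_isready -h 127.0.0.1 -U opendmp-psql -d opendmp"]`; the `sh -c '…'` wrapper is redundant under `CMD-SHELL`. `timeout: 60s` is also longer than `interval: 15s`, which is probably not intended.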
@@ -249,10 +257,10 @@ services: environment: - JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true" volumes: - - logs/keycloak:/tmp/logs - - keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json - - keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro - - keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro + - ./logs/keycloak:/tmp/logs + - ./keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json + - ./keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro + - ./keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro expose: - "8443" networks: 
@@ -261,34 +269,34 @@ services: - opendmp-keycloak-shared-network # ############################## RABBITMQ ############################################### -# opendmp.rabbitmq: -# labels: -# NAME: "rabbitmq" -# cpus: 1 -# mem_limit: 512m -# restart: unless-stopped -# expose: -# - "15672" -# - "5672" -# env_file: -# - rabbitmq/rabbitmq.env -# # volumes: -# # - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro -# networks: -# - opendmp-proxy-network -# - opendmp-rabbitmq-shared-network + opendmp.rabbitmq: + labels: + NAME: "rabbitmq" + cpus: 1 + mem_limit: 512m + restart: unless-stopped + ports: + - "0.0.0.0:15672:15672" + - "0.0.0.0:5672:5672" + env_file: + - rabbitmq/rabbitmq.env + volumes: + - /rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro + networks: + - opendmp-proxy-network + - opendmp-rabbitmq-shared-network # ############################## GOTENBERG ############################################## -# opendmp.gotenberg: -# mem_limit: 2048m -# restart: unless-stopped -# expose: -# - "3000" -# hostname: gotenberg -# env_file: -# - gotenberg/gotenberg.env -# networks: -# - opendmp-gotenberg-shared-network + opendmp.gotenberg: + mem_limit: 2048m + restart: unless-stopped + expose: + - "3000" + hostname: gotenberg + env_file: + - gotenberg/gotenberg.env + networks: + - opendmp-gotenberg-shared-network networks: opendmp-elastic-network: diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index 0341ada59..85cb30908 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -1,8 +1,11 @@ services: ############################## PROXY ######################################## -# opendmp.proxy: -# container_name: opendmp.proxy -# image: nginx:${PROXY_TAG} + opendmp.proxy: + container_name: opendmp.proxy + image: nginx:${PROXY_TAG} + depends_on: + - opendmp.keycloak + # - opendmp.kibana # ############################## OPENDMP APP ################################# 
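Review bot: Replacing `expose` with `ports: "0.0.0.0:15672:15672"` and `"0.0.0.0:5672:5672"` publishes the RabbitMQ management UI and the AMQP listener on every host interface, while `rabbitmq/rabbitmq.env` in this commit still sets `RABBITMQ_DEFAULT_USER=guest` and `RABBITMQ_DEFAULT_PASS=guest`. If host access is only needed for local debugging, bind to loopback as the postgres service's comment already suggests, `- "127.0.0.1:15672:15672"` and `- "127.0.0.1:5672:5672"`, or keep `expose` so that only the compose networks reach the broker. The new volume `/rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro` is an absolute host path, unlike the `./`-prefixed mounts this commit introduces elsewhere; `./rabbitmq/rabbitmq.conf` looks like what was meant.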
@@ -63,13 +66,15 @@ services: POSTGRES_TAG: $POSTGRES_TAG ################################# ELK ################################################# -# opendmp.elasticsearch: -# container_name: opendmp.elasticsearch -# image: elasticsearch -# build: -# context: /elk/elasticsearch/ -# args: -# ELK_VERSION: $ELK_VERSION + # opendmp.elasticsearch: + # container_name: opendmp.elasticsearch + # image: elasticsearch + # build: + # context: ./elk/elasticsearch/ + # args: + # ELK_VERSION: $ELK_VERSION + # DEPLOY_USER : $DEPLOY_USER + # DEPLOY_GROUP : $DEPLOY_GROUP # # opendmp.logstash: # # container_name: opendmp.logstash @@ -81,15 +86,17 @@ services: # # depends_on: # # - opendmp.elasticsearch -# opendmp.kibana: -# container_name: opendmp.kibana -# image: kibana -# build: -# context: /elk/kibana/ -# args: -# ELK_VERSION: $ELK_VERSION -# depends_on: -# - opendmp.elasticsearch + # opendmp.kibana: + # container_name: opendmp.kibana + # image: kibana + # build: + # context: ./elk/kibana/ + # args: + # ELK_VERSION: $ELK_VERSION + # DEPLOY_USER : $DEPLOY_USER + # DEPLOY_GROUP : $DEPLOY_GROUP + # depends_on: + # - opendmp.elasticsearch # # opendmp.filebeat: # # container_name: opendmp.filebeat @@ -105,13 +112,16 @@ services: opendmp.keycloak: container_name: opendmp.keycloak image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG} + depends_on: + opendmp.postgres: + condition: service_healthy # ############################## RABBITMQ ############################################### -# opendmp.rabbitmq: -# container_name: opendmp.rabbitmq -# image: rabbitmq:${RABBITMQ_TAG} + opendmp.rabbitmq: + container_name: opendmp.rabbitmq + image: rabbitmq:${RABBITMQ_TAG} # ############################## GOTENBERG ############################################## -# opendmp.gotenberg: -# image: gotenberg/gotenberg:${GOTENBERG_TAG} -# container_name: opendmp.gotenberg + opendmp.gotenberg: + image: gotenberg/gotenberg:${GOTENBERG_TAG} + container_name: opendmp.gotenberg 
diff --git a/deployment/elk/elasticsearch/Dockerfile b/deployment/elk/elasticsearch/Dockerfile index 75a663384..73bfa249d 100644 --- a/deployment/elk/elasticsearch/Dockerfile +++ b/deployment/elk/elasticsearch/Dockerfile @@ -1,18 +1,23 @@ ARG ELK_VERSION ARG DEPLOY_USER - +ARG DEPLOY_GROUP # https://github.com/elastic/elasticsearch-docker FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION} +ARG DEPLOY_USER +ARG DEPLOY_GROUP +ENV DEPLOY_USER $DEPLOY_USER +ENV DEPLOY_GROUP $DEPLOY_GROUP + RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \ /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic USER root -RUN groupmod -g ${DEPLOY_USER} elasticsearch -RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch +RUN groupmod -g ${DEPLOY_GROUP} elasticsearch +RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} elasticsearch RUN chown -R elasticsearch /usr/share/elasticsearch -RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \ - -e 's/UID 1000/UID ${DEPLOY_USER}/' \ - -e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh +RUN sed -i -e 's/--userspec=1000/--userspec=1000/g' \ + -e 's/UID 1000/UID 1000/' \ + -e 's/chown -R 1000/chown -R 1000/' /usr/local/bin/docker-entrypoint.sh RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh ENV JAVA_HOME /usr/share/elasticsearch/jdk \ No newline at end of file diff --git a/deployment/elk/kibana/Dockerfile b/deployment/elk/kibana/Dockerfile index e1148d762..38a0b95dd 100644 --- a/deployment/elk/kibana/Dockerfile +++ b/deployment/elk/kibana/Dockerfile 
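Review bot: The rewritten `sed` on `docker-entrypoint.sh` is a no-op, since each expression now replaces `1000` with `1000`, so whatever the entrypoint does with UID 1000 is unchanged after `usermod` has moved `elasticsearch` to `${DEPLOY_USER}`. The removed form failed for a different reason: single quotes stop the shell from expanding `${DEPLOY_USER}`. Double quotes fix both, e.g. `-e "s/--userspec=1000/--userspec=${DEPLOY_USER}/g"`, and likewise for the `UID 1000` and `chown -R 1000` expressions. There is also no `USER` instruction after `USER root`, so the image's default user stays root unless compose sets `user:`; the kibana Dockerfile in this commit ends with `USER ${DEPLOY_USER}:${DEPLOY_GROUP}`.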
@@ -1,14 +1,21 @@ ARG ELK_VERSION +ARG DEPLOY_USER +ARG DEPLOY_GROUP # https://github.com/elastic/kibana-docker FROM docker.elastic.co/kibana/kibana:${ELK_VERSION} +ARG DEPLOY_USER +ARG DEPLOY_GROUP +ENV DEPLOY_USER $DEPLOY_USER +ENV DEPLOY_GROUP $DEPLOY_GROUP + USER root -RUN groupmod -g 1008 kibana -RUN usermod -u 1008 -g 1008 kibana +RUN groupmod -g ${DEPLOY_GROUP} kibana +RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} kibana RUN chown -R kibana /usr/share/kibana -USER 1008:1008 +USER ${DEPLOY_USER}:${DEPLOY_GROUP} # Add your kibana plugins setup here # Example: RUN kibana-plugin install diff --git a/deployment/keycloak/keycloak.env b/deployment/keycloak/keycloak.env index 583ff5025..b63bdb2e0 100644 --- a/deployment/keycloak/keycloak.env +++ b/deployment/keycloak/keycloak.env @@ -5,14 +5,15 @@ KC_DB_URL_HOST=opendmp.postgres KC_DB_SCHEMA=public KC_DB_URL_DATABASE=keycloak KC_DB_PORT=5432 -KC_DB_USERNAME=keycloak-admin -KC_DB_PASSWORD=admin +KC_DB_USERNAME=keycloak-psql +KC_DB_PASSWORD=keycloak-admin #Keycloak related configuration -KEYCLOAK_ADMIN=opendmp-admin +KEYCLOAK_ADMIN=keycloak-admin KEYCLOAK_ADMIN_PASSWORD=admin -KC_HOSTNAME_URL=https://localhost:8082 -KC_HOSTNAME_ADMIN_URL=https://localhost:8082 +KC_HOSTNAME_URL=https://localhost:8082/keycloak +KC_HOSTNAME_ADMIN_URL=https://localhost:8082/keycloak +KC_HTTP_RELATIVE_PATH=/keycloak KC_PROXY_HEADERS=xforwarded KC_HOSTNAME_STRICT_HTTPS=true KC_HOSTNAME_STRICT_BACKCHANNEL=true diff --git a/deployment/postgres/Dockerfile b/deployment/postgres/Dockerfile index 9798ad94a..2ca78b7f4 100644 --- a/deployment/postgres/Dockerfile +++ b/deployment/postgres/Dockerfile @@ -3,7 +3,6 @@ ARG DEPLOY_USER ARG DEPLOY_GROUP FROM postgres:${POSTGRES_TAG} COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/ -COPY ./keycloak_init.sql /docker-entrypoint-initdb.d/ COPY ./user_init.sql /docker-entrypoint-initdb.d/ ENTRYPOINT ["docker-entrypoint.sh"] EXPOSE 5432 
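Review bot: `keycloak.env` keeps guessable credentials in version control: the new `KC_DB_PASSWORD=keycloak-admin` equals the new admin user name, and `KEYCLOAK_ADMIN_PASSWORD=admin` is left unchanged while this commit enables the proxy in front of Keycloak. The same pattern appears in `postgres/postgres.env` (`POSTGRES_PASSWORD=postgres-admin`, with the postgres port published without a loopback bind in the override file) and in `postgres/user_init.sql` (`WITH PASSWORD 'keycloak-admin'` and `'opendmp-admin'`). I would commit labelled placeholders such as `KC_DB_PASSWORD=CHANGE_ME_PER_DEPLOYMENT` under a comment `# Sample value only; replace before first start`. The real values can then come from an untracked env file or Docker secrets.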
diff --git a/deployment/postgres/opendmp_init.sql b/deployment/postgres/opendmp_init.sql index 360abc878..0e2b2ad72 100644 --- a/deployment/postgres/opendmp_init.sql +++ b/deployment/postgres/opendmp_init.sql @@ -1,12 +1,3 @@ --- --- PostgreSQL database dump --- - --- Dumped from database version 16.2 --- Dumped by pg_dump version 16.2 - --- Started on 2024-04-25 13:31:48 - SET statement_timeout = 0; SET lock_timeout = 0; SET idle_in_transaction_session_timeout = 0; @@ -20,13 +11,13 @@ SET row_security = off; -- -- TOC entry 4132 (class 1262 OID 49907) --- Name: opendmp-test; Type: DATABASE; Schema: -; Owner: - +-- Name: opendmp; Type: DATABASE; Schema: -; Owner: - -- -CREATE DATABASE "opendmp-test" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8'; +CREATE DATABASE "opendmp" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8'; -\connect -reuse-previous=on "dbname='opendmp-test'" +\connect -reuse-previous=on "dbname='opendmp'" SET statement_timeout = 0; SET lock_timeout = 0; diff --git a/deployment/postgres/postgres.env b/deployment/postgres/postgres.env index abc761088..4d6d638c8 100644 --- a/deployment/postgres/postgres.env +++ b/deployment/postgres/postgres.env @@ -1,4 +1,3 @@ #################### POSTGRES ######################## POSTGRES_USER=postgres -POSTGRES_PASSWORD=changeme -PGDATA=/var/lib/postgresql/data/ \ No newline at end of file +POSTGRES_PASSWORD=postgres-admin \ No newline at end of file diff --git a/deployment/postgres/user_init.sql b/deployment/postgres/user_init.sql index fc5ed4714..e3c85011d 100644 --- a/deployment/postgres/user_init.sql +++ b/deployment/postgres/user_init.sql 
@@ -1,4 +1,4 @@ -CREATE USER keycloak_psql WITH PASSWORD 'keycloak-admin'; -ALTER DATABASE keycloak OWNER TO keycloak_psql; -CREATE USER opendmp_psql WITH PASSWORD 'opendmp-admin'; -ALTER DATABASE "opendmp-test" OWNER TO opendmp_psql; \ No newline at end of file +CREATE USER "keycloak-psql" WITH PASSWORD 'keycloak-admin'; +CREATE DATABASE keycloak WITH OWNER "keycloak-psql"; +CREATE USER "opendmp-psql" WITH PASSWORD 'opendmp-admin'; +ALTER DATABASE "opendmp" OWNER TO "opendmp-psql"; \ No newline at end of file diff --git a/deployment/proxy/ProxyNginx.conf b/deployment/proxy/ProxyNginx.conf index c91551e24..d95f428be 100644 --- a/deployment/proxy/ProxyNginx.conf +++ b/deployment/proxy/ProxyNginx.conf @@ -6,6 +6,8 @@ server { } server { + set $app_host $APP_HOST; + set $app_port $APP_PORT; listen 8080; server_name ${APP_HOST}${APP_PORT}; location / { 
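Review bot: The added `set $app_host $APP_HOST;` and `set $app_port $APP_PORT;` lines read `$APP_HOST` as an nginx variable, not as a container environment variable, and nothing in this commit substitutes it. The override mounts this file straight to `/etc/nginx/conf.d/default.conf`, and the `/etc/nginx/templates/` mount is commented out. Unless substitution happens somewhere not shown, the `set` lines will not pick up the configured host and port, and `server_name ${APP_HOST}${APP_PORT}` is taken literally. Either mount the file under `/etc/nginx/templates/` with a `.template` suffix so the image's envsubst step fills the values in, or drop the `set` lines. The next hunk adds the same lines for `$MS_HOST` and `$MS_PORT`, and this server block continues past the end of the hunk.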
@@ -13,74 +15,88 @@ server { } } +# server { +# set $app_host $APP_HOST; +# set $app_port $APP_PORT; +# listen 8081 ssl; +# ssl_certificate /certifcates/cert.crt; +# ssl_certificate_key /certifcates/key.key; +# server_name ${APP_HOST}${APP_PORT}; +# proxy_pass_header Server; + +# add_header X-XSS-Protection "1; mode=block" always; +# add_header X-Content-Type-Options nosniff; +# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; +# add_header Referrer-Policy 'strict-origin' always; +# add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always; +# add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always; + +# location / { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.frontend:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT}; +# } + +# location /api/ { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.backend:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api; +# } + +# location /api/notification/ { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. 
+# proxy_pass http://opendmp.notification:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification; +# } + +# location /api/annotation/ { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.annotation:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation; +# } +# } + server { - listen 8081 ssl; - ssl_certificate /certifcates/cert.crt; - ssl_certificate_key /certifcates/key.key; - server_name ${APP_HOST}${APP_PORT}; - proxy_pass_header Server; - - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header Referrer-Policy 'strict-origin' always; - add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always; - add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always; - + set $ms_host $MS_HOST; + set $ms_port $MS_PORT; + listen 8080; + server_name ${MS_HOST}${MS_PORT}; location / { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. 
- proxy_pass http://opendmp.frontend:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT}; - } - - location /api/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.backend:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api; - } - - location /api/notification/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.notification:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification; - } - - location /api/annotation/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.annotation:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation; - } + return 301 https://$host$request_uri; + } } server { + set $ms_host $MS_HOST; + set $ms_port $MS_PORT; listen 8082 ssl; ssl_certificate /certifcates/cert.crt; ssl_certificate_key /certifcates/key.key; 
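Review bot: With the `listen 8081 ssl` server commented out, nothing in this file listens on 8081, yet `docker-compose.override.yml` in this commit publishes `${PROXY_APP_PORT}:8081`. That block also carried the only HSTS, `X-Content-Type-Options`, `Referrer-Policy` and `Permissions-Policy` headers visible here for the application host, so whatever serves the frontend and API now needs them too. The new redirect `return 301 https://$host$request_uri;` echoes the client-supplied Host header and drops the port; `return 301 https://${MS_HOST}${MS_PORT}$request_uri;` would match the `proxy_redirect` targets used elsewhere in the file. If the app vhost is only disabled temporarily, say so above it, e.g. `# app vhost disabled until frontend/backend services are enabled`. The 8082 server block continues outside this hunk.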
@@ -111,23 +127,6 @@ server { proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak; } - location /rabbitmq/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass https://opendmp.rabbitmq:15672; - proxy_read_timeout 90; - - proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq; - } - location /elastic/ { proxy_set_header Host $host; diff --git a/deployment/rabbitmq/rabbitmq.conf b/deployment/rabbitmq/rabbitmq.conf new file mode 100644 index 000000000..0f307857c --- /dev/null +++ b/deployment/rabbitmq/rabbitmq.conf @@ -0,0 +1,2 @@ +deprecated_features.permit.management_metrics_collection = false +proxy_protocol = true \ No newline at end of file diff --git a/deployment/rabbitmq/rabbitmq.env b/deployment/rabbitmq/rabbitmq.env index dd5d91e94..a2c76acca 100644 --- a/deployment/rabbitmq/rabbitmq.env +++ b/deployment/rabbitmq/rabbitmq.env @@ -1,3 +1,3 @@ RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_PASS=guest -RABBITMQ_DEFAULT_VHOST=/rabbitmq/ \ No newline at end of file +RABBITMQ_DEFAULT_VHOST=/ \ No newline at end of file
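Review bot: `proxy_protocol = true` in the new `rabbitmq.conf` makes the AMQP listener expect a PROXY protocol header on every connection, but no component shown in this commit would send one: port 5672 is published directly and the `/rabbitmq/` location is removed from nginx. Clients connecting straight to the broker would likely be refused. Where the port is reachable by untrusted peers, the header also lets the sender choose the source address the broker records. Unless a load balancer outside this diff speaks PROXY protocol, drop the line or set `proxy_protocol = false`.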