Finalize deployment for keycloak, rabbitmq, and gotenberg

Alexandros Mandilaras 2024-04-25 17:59:42 +03:00
parent 52799fdd7d
commit f1c1503b1c
13 changed files with 259 additions and 238 deletions


@ -11,7 +11,7 @@ DOCX_APP_TAG=0.0.8
JSON_APP_TAG=0.0.6 JSON_APP_TAG=0.0.6
ZENODO_APP_TAG=2.0.4 ZENODO_APP_TAG=2.0.4
POSTGRES_TAG=16-alpine POSTGRES_TAG=16-alpine
ELK_VERSION=8.13.12 ELK_VERSION=8.13.0
KEYCLOAK_TAG=24.0.2 KEYCLOAK_TAG=24.0.2
RABBITMQ_TAG=3.13-management RABBITMQ_TAG=3.13-management
GOTENBERG_TAG=8.4.0 GOTENBERG_TAG=8.4.0


@ -1,23 +1,24 @@
services: services:
############################## PROXY ######################################## ############################## PROXY ########################################
# opendmp.proxy: opendmp.proxy:
# user: ${DEPLOY_USER}:${DEPLOY_GROUP} user: ${DEPLOY_USER}:${DEPLOY_GROUP}
# restart: unless-stopped restart: unless-stopped
# cpus: 1 cpus: 1
# mem_limit: 256m mem_limit: 256m
# ports: ports:
# - "${PROXY_APP_PORT}:8081" - "${PROXY_APP_PORT}:8081"
# - "${PROXY_MS_PORT}:8082" - "${PROXY_MS_PORT}:8082"
# env_file: env_file:
# - proxy/proxy.env - ./proxy/proxy.env
# volumes: volumes:
# - proxy/nginx.conf:/etc/nginx/nginx.conf # - ./proxy/template-variables:/etc/nginx/templates/10-variables.conf.template:ro
# - proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf - ./proxy/nginx.conf:/etc/nginx/nginx.conf
# - proxy/nginx-selfsigned.crt:/certifcates/cert.crt - ./proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
# - proxy/nginx-selfsigned.key:/certifcates/key.key - ./proxy/nginx-selfsigned.crt:/certifcates/cert.crt
# - logs/proxy:/tmp/logs - ./proxy/nginx-selfsigned.key:/certifcates/key.key
# networks: - ./logs/proxy:/tmp/logs
# - opendmp-proxy-network networks:
- opendmp-proxy-network
############################## OPENDMP APP ################################# ############################## OPENDMP APP #################################
# opendmp.backend: # opendmp.backend:
@ -171,67 +172,73 @@ services:
# - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only # - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only
- "${POSTGRES_PORT}:5432" - "${POSTGRES_PORT}:5432"
env_file: env_file:
- postgres/postgres.env - ./postgres/postgres.env
volumes: volumes:
- ./storage/postgres/data:/var/lib/postgresql/data - ./storage/postgres/data:/var/lib/postgresql/data
networks: networks:
- opendmp-postgres-shared-network - opendmp-postgres-shared-network
healthcheck:
test: ["CMD-SHELL", "sh -c 'pg_isready -U opendmp-psql -d opendmp'"]
interval: 15s
timeout: 60s
retries: 5
################################# ELK ################################################# ################################# ELK #################################################
# opendmp.elasticsearch: # opendmp.elasticsearch:
# user: ${DEPLOY_USER}:${DEPLOY_GROUP} # user: ${DEPLOY_USER}:${DEPLOY_GROUP}
# group_add: # group_add:
# - 0 # - 0
# restart: unless-stopped # restart: unless-stopped
# cpus: 2 # cpus: 2
# mem_limit: 1024m # mem_limit: 1024m
# env_file: # env_file:
# - elk/config-elk/elasticsearch/elastic.env # - elk/config-elk/elasticsearch/elastic.env
# environment: # environment:
# - "ES_JAVA_OPTS=-Xmx512m -Xms512m" # - ES_JAVA_OPTS=-Xmx512m -Xms512m
# ulimits: # ulimits:
# nproc: 65535 # nproc: 65535
# memlock: # memlock:
# soft: -1 # soft: -1
# hard: -1 # hard: -1
# volumes: # volumes:
# - elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates # - ./elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
# - elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro # - ./elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
# - elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro # - ./elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
# - elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data # - ./elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
# - elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs # - ./elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
# expose: # expose:
# - "9200" # - "9200"
# - "9300" # - "9300"
# networks: # networks:
# - opendmp-elastic-network # - opendmp-elastic-network
# - opendmp-elastic-shared-network # - opendmp-elastic-shared-network
# healthcheck: # healthcheck:
# test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi # test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
# interval: 30s # interval: 30s
# timeout: 10s # timeout: 10s
# retries: 5 # retries: 5
# # opendmp.logstash: # # opendmp.logstash:
# # volumes: # # volumes:
# # - /elk/data-elk/logstash-log:/usr/share/logstash/logs # # - /elk/data-elk/logstash-log:/usr/share/logstash/logs
# opendmp.kibana: # opendmp.kibana:
# user: ${DEPLOY_USER}:${DEPLOY_GROUP} # user: ${DEPLOY_USER}:${DEPLOY_GROUP}
# restart: unless-stopped # restart: unless-stopped
# cpus: 2 # cpus: 2
# mem_limit: 1024m # mem_limit: 1024m
# environment: # environment:
# - xpack.license.self_generated.type=basic # - xpack.license.self_generated.type=basic
# - xpack.security.enabled=true # - xpack.security.enabled=true
# volumes: # volumes:
# - elk/config-elk/kibana/certificates:/usr/share/kibana/certificates # - ./elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
# - elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities # - ./elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
# - elk/config-elk/kibana/config:/usr/share/kibana/config:ro # - ./elk/config-elk/kibana/config:/usr/share/kibana/config:ro
# expose: # expose:
# - "5601" # - "5601"
# networks: # networks:
# - opendmp-elastic-network # - opendmp-elastic-network
# # opendmp.filebeat: # # opendmp.filebeat:
@ -240,6 +247,7 @@ services:
opendmp.keycloak: opendmp.keycloak:
restart: unless-stopped restart: unless-stopped
command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"] command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
# command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log"]
cpus: 1 cpus: 1
mem_limit: 1024M mem_limit: 1024M
security_opt: security_opt:
@ -249,10 +257,10 @@ services:
environment: environment:
- JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true" - JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
volumes: volumes:
- logs/keycloak:/tmp/logs - ./logs/keycloak:/tmp/logs
- keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json - ./keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
- keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro - ./keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
- keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro - ./keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
expose: expose:
- "8443" - "8443"
networks: networks:
@ -261,34 +269,34 @@ services:
- opendmp-keycloak-shared-network - opendmp-keycloak-shared-network
# ############################## RABBITMQ ############################################### # ############################## RABBITMQ ###############################################
# opendmp.rabbitmq: opendmp.rabbitmq:
# labels: labels:
# NAME: "rabbitmq" NAME: "rabbitmq"
# cpus: 1 cpus: 1
# mem_limit: 512m mem_limit: 512m
# restart: unless-stopped restart: unless-stopped
# expose: ports:
# - "15672" - "0.0.0.0:15672:15672"
# - "5672" - "0.0.0.0:5672:5672"
# env_file: env_file:
# - rabbitmq/rabbitmq.env - rabbitmq/rabbitmq.env
# # volumes: volumes:
# # - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro - /rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
# networks: networks:
# - opendmp-proxy-network - opendmp-proxy-network
# - opendmp-rabbitmq-shared-network - opendmp-rabbitmq-shared-network
# ############################## GOTENBERG ############################################## # ############################## GOTENBERG ##############################################
# opendmp.gotenberg: opendmp.gotenberg:
# mem_limit: 2048m mem_limit: 2048m
# restart: unless-stopped restart: unless-stopped
# expose: expose:
# - "3000" - "3000"
# hostname: gotenberg hostname: gotenberg
# env_file: env_file:
# - gotenberg/gotenberg.env - gotenberg/gotenberg.env
# networks: networks:
# - opendmp-gotenberg-shared-network - opendmp-gotenberg-shared-network
networks: networks:
opendmp-elastic-network: opendmp-elastic-network:
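Review bot: The `opendmp.rabbitmq` service now publishes its management UI and AMQP listener on every host interface (`"0.0.0.0:15672:15672"`, `"0.0.0.0:5672:5672"`), where the commented-out version used only `expose`, and the RabbitMQ env section in this commit still sets `guest`/`guest`. Unless access from outside the host is required, keep `expose`, or bind to loopback the way the commented Postgres line in this file does, e.g. `- "127.0.0.1:15672:15672"` and `- "127.0.0.1:5672:5672"`. In the same service, `/rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro` is an absolute host path, while every other mount touched by this commit became `./…`. It probably should be `./rabbitmq/rabbitmq.conf`, otherwise the broker may start without the intended configuration.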


@ -1,8 +1,11 @@
services: services:
############################## PROXY ######################################## ############################## PROXY ########################################
# opendmp.proxy: opendmp.proxy:
# container_name: opendmp.proxy container_name: opendmp.proxy
# image: nginx:${PROXY_TAG} image: nginx:${PROXY_TAG}
depends_on:
- opendmp.keycloak
# - opendmp.kibana
# ############################## OPENDMP APP ################################# # ############################## OPENDMP APP #################################
@ -63,13 +66,15 @@ services:
POSTGRES_TAG: $POSTGRES_TAG POSTGRES_TAG: $POSTGRES_TAG
################################# ELK ################################################# ################################# ELK #################################################
# opendmp.elasticsearch: # opendmp.elasticsearch:
# container_name: opendmp.elasticsearch # container_name: opendmp.elasticsearch
# image: elasticsearch # image: elasticsearch
# build: # build:
# context: /elk/elasticsearch/ # context: ./elk/elasticsearch/
# args: # args:
# ELK_VERSION: $ELK_VERSION # ELK_VERSION: $ELK_VERSION
# DEPLOY_USER : $DEPLOY_USER
# DEPLOY_GROUP : $DEPLOY_GROUP
# # opendmp.logstash: # # opendmp.logstash:
# # container_name: opendmp.logstash # # container_name: opendmp.logstash
@ -81,15 +86,17 @@ services:
# # depends_on: # # depends_on:
# # - opendmp.elasticsearch # # - opendmp.elasticsearch
# opendmp.kibana: # opendmp.kibana:
# container_name: opendmp.kibana # container_name: opendmp.kibana
# image: kibana # image: kibana
# build: # build:
# context: /elk/kibana/ # context: ./elk/kibana/
# args: # args:
# ELK_VERSION: $ELK_VERSION # ELK_VERSION: $ELK_VERSION
# depends_on: # DEPLOY_USER : $DEPLOY_USER
# - opendmp.elasticsearch # DEPLOY_GROUP : $DEPLOY_GROUP
# depends_on:
# - opendmp.elasticsearch
# # opendmp.filebeat: # # opendmp.filebeat:
# # container_name: opendmp.filebeat # # container_name: opendmp.filebeat
@ -105,13 +112,16 @@ services:
opendmp.keycloak: opendmp.keycloak:
container_name: opendmp.keycloak container_name: opendmp.keycloak
image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG} image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
depends_on:
opendmp.postgres:
condition: service_healthy
# ############################## RABBITMQ ############################################### # ############################## RABBITMQ ###############################################
# opendmp.rabbitmq: opendmp.rabbitmq:
# container_name: opendmp.rabbitmq container_name: opendmp.rabbitmq
# image: rabbitmq:${RABBITMQ_TAG} image: rabbitmq:${RABBITMQ_TAG}
# ############################## GOTENBERG ############################################## # ############################## GOTENBERG ##############################################
# opendmp.gotenberg: opendmp.gotenberg:
# image: gotenberg/gotenberg:${GOTENBERG_TAG} image: gotenberg/gotenberg:${GOTENBERG_TAG}
# container_name: opendmp.gotenberg container_name: opendmp.gotenberg


@ -1,18 +1,23 @@
ARG ELK_VERSION ARG ELK_VERSION
ARG DEPLOY_USER ARG DEPLOY_USER
ARG DEPLOY_GROUP
# https://github.com/elastic/elasticsearch-docker # https://github.com/elastic/elasticsearch-docker
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION} FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
ARG DEPLOY_USER
ARG DEPLOY_GROUP
ENV DEPLOY_USER $DEPLOY_USER
ENV DEPLOY_GROUP $DEPLOY_GROUP
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \ RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \
/usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
USER root USER root
RUN groupmod -g ${DEPLOY_USER} elasticsearch RUN groupmod -g ${DEPLOY_GROUP} elasticsearch
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} elasticsearch
RUN chown -R elasticsearch /usr/share/elasticsearch RUN chown -R elasticsearch /usr/share/elasticsearch
RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \ RUN sed -i -e 's/--userspec=1000/--userspec=1000/g' \
-e 's/UID 1000/UID ${DEPLOY_USER}/' \ -e 's/UID 1000/UID 1000/' \
-e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh -e 's/chown -R 1000/chown -R 1000/' /usr/local/bin/docker-entrypoint.sh
RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
ENV JAVA_HOME /usr/share/elasticsearch/jdk ENV JAVA_HOME /usr/share/elasticsearch/jdk
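Review bot: The rewritten `sed` on `/usr/local/bin/docker-entrypoint.sh` now replaces each pattern with itself (`s/--userspec=1000/--userspec=1000/g`, `s/UID 1000/UID 1000/`, `s/chown -R 1000/chown -R 1000/`), so it no longer changes anything, while `usermod -u ${DEPLOY_USER}` just above still moves the `elasticsearch` account to another UID. If the entrypoint of this image version still contains those strings, it keeps acting as UID 1000 and no longer matches the owner set by `chown -R elasticsearch`. Either substitute the build-time value using double quotes, e.g. `-e "s/--userspec=1000/--userspec=${DEPLOY_USER}/g"` for each of the three expressions, or delete the `sed` step if it is no longer needed. No `USER` line follows `USER root` in this section, so the image appears to default to root unless the compose `user:` setting is applied; a closing `USER ${DEPLOY_USER}:${DEPLOY_GROUP}`, as the Kibana Dockerfile in this commit has, would make that explicit.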


@ -1,14 +1,21 @@
ARG ELK_VERSION ARG ELK_VERSION
ARG DEPLOY_USER
ARG DEPLOY_GROUP
# https://github.com/elastic/kibana-docker # https://github.com/elastic/kibana-docker
FROM docker.elastic.co/kibana/kibana:${ELK_VERSION} FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
ARG DEPLOY_USER
ARG DEPLOY_GROUP
ENV DEPLOY_USER $DEPLOY_USER
ENV DEPLOY_GROUP $DEPLOY_GROUP
USER root USER root
RUN groupmod -g 1008 kibana RUN groupmod -g ${DEPLOY_GROUP} kibana
RUN usermod -u 1008 -g 1008 kibana RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} kibana
RUN chown -R kibana /usr/share/kibana RUN chown -R kibana /usr/share/kibana
USER 1008:1008 USER ${DEPLOY_USER}:${DEPLOY_GROUP}
# Add your kibana plugins setup here # Add your kibana plugins setup here
# Example: RUN kibana-plugin install <name|url> # Example: RUN kibana-plugin install <name|url>


@ -5,14 +5,15 @@ KC_DB_URL_HOST=opendmp.postgres
KC_DB_SCHEMA=public KC_DB_SCHEMA=public
KC_DB_URL_DATABASE=keycloak KC_DB_URL_DATABASE=keycloak
KC_DB_PORT=5432 KC_DB_PORT=5432
KC_DB_USERNAME=keycloak-admin KC_DB_USERNAME=keycloak-psql
KC_DB_PASSWORD=admin KC_DB_PASSWORD=keycloak-admin
#Keycloak related configuration #Keycloak related configuration
KEYCLOAK_ADMIN=opendmp-admin KEYCLOAK_ADMIN=keycloak-admin
KEYCLOAK_ADMIN_PASSWORD=admin KEYCLOAK_ADMIN_PASSWORD=admin
KC_HOSTNAME_URL=https://localhost:8082 KC_HOSTNAME_URL=https://localhost:8082/keycloak
KC_HOSTNAME_ADMIN_URL=https://localhost:8082 KC_HOSTNAME_ADMIN_URL=https://localhost:8082/keycloak
KC_HTTP_RELATIVE_PATH=/keycloak
KC_PROXY_HEADERS=xforwarded KC_PROXY_HEADERS=xforwarded
KC_HOSTNAME_STRICT_HTTPS=true KC_HOSTNAME_STRICT_HTTPS=true
KC_HOSTNAME_STRICT_BACKCHANNEL=true KC_HOSTNAME_STRICT_BACKCHANNEL=true
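Review bot: `KC_DB_PASSWORD=keycloak-admin` commits a database password that is just a variation of the account name, next to the unchanged `KEYCLOAK_ADMIN_PASSWORD=admin`. The same pattern recurs in this commit in `./postgres/postgres.env` (`POSTGRES_PASSWORD=postgres-admin`), in the SQL init section (`WITH PASSWORD 'keycloak-admin'`, `WITH PASSWORD 'opendmp-admin'`) and in `rabbitmq/rabbitmq.env` (`guest`/`guest`). Because the compose file publishes Postgres as `"${POSTGRES_PORT}:5432"` and RabbitMQ on `0.0.0.0`, a deployment that uses these files as-is ends up with guessable credentials on published ports. Prefer committing placeholders such as `KC_DB_PASSWORD=<set-per-deployment>` with a comment `# set a unique value per deployment; never commit the real secret`, and load the real values from an untracked env file or Docker secrets.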


@ -3,7 +3,6 @@ ARG DEPLOY_USER
ARG DEPLOY_GROUP ARG DEPLOY_GROUP
FROM postgres:${POSTGRES_TAG} FROM postgres:${POSTGRES_TAG}
COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/ COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/
COPY ./keycloak_init.sql /docker-entrypoint-initdb.d/
COPY ./user_init.sql /docker-entrypoint-initdb.d/ COPY ./user_init.sql /docker-entrypoint-initdb.d/
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 5432 EXPOSE 5432


@ -1,12 +1,3 @@
--
-- PostgreSQL database dump
--
-- Dumped from database version 16.2
-- Dumped by pg_dump version 16.2
-- Started on 2024-04-25 13:31:48
SET statement_timeout = 0; SET statement_timeout = 0;
SET lock_timeout = 0; SET lock_timeout = 0;
SET idle_in_transaction_session_timeout = 0; SET idle_in_transaction_session_timeout = 0;
@ -20,13 +11,13 @@ SET row_security = off;
-- --
-- TOC entry 4132 (class 1262 OID 49907) -- TOC entry 4132 (class 1262 OID 49907)
-- Name: opendmp-test; Type: DATABASE; Schema: -; Owner: - -- Name: opendmp; Type: DATABASE; Schema: -; Owner: -
-- --
CREATE DATABASE "opendmp-test" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8'; CREATE DATABASE "opendmp" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
\connect -reuse-previous=on "dbname='opendmp-test'" \connect -reuse-previous=on "dbname='opendmp'"
SET statement_timeout = 0; SET statement_timeout = 0;
SET lock_timeout = 0; SET lock_timeout = 0;


@ -1,4 +1,3 @@
#################### POSTGRES ######################## #################### POSTGRES ########################
POSTGRES_USER=postgres POSTGRES_USER=postgres
POSTGRES_PASSWORD=changeme POSTGRES_PASSWORD=postgres-admin
PGDATA=/var/lib/postgresql/data/


@ -1,4 +1,4 @@
CREATE USER keycloak_psql WITH PASSWORD 'keycloak-admin'; CREATE USER "keycloak-psql" WITH PASSWORD 'keycloak-admin';
ALTER DATABASE keycloak OWNER TO keycloak_psql; CREATE DATABASE keycloak WITH OWNER "keycloak-psql";
CREATE USER opendmp_psql WITH PASSWORD 'opendmp-admin'; CREATE USER "opendmp-psql" WITH PASSWORD 'opendmp-admin';
ALTER DATABASE "opendmp-test" OWNER TO opendmp_psql; ALTER DATABASE "opendmp" OWNER TO "opendmp-psql";


@ -6,6 +6,8 @@ server {
} }
server { server {
set $app_host $APP_HOST;
set $app_port $APP_PORT;
listen 8080; listen 8080;
server_name ${APP_HOST}${APP_PORT}; server_name ${APP_HOST}${APP_PORT};
location / { location / {
@ -13,74 +15,88 @@ server {
} }
} }
# server {
# set $app_host $APP_HOST;
# set $app_port $APP_PORT;
# listen 8081 ssl;
# ssl_certificate /certifcates/cert.crt;
# ssl_certificate_key /certifcates/key.key;
# server_name ${APP_HOST}${APP_PORT};
# proxy_pass_header Server;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header X-Content-Type-Options nosniff;
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# add_header Referrer-Policy 'strict-origin' always;
# add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
# add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
# location / {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Fix the “It appears that your reverse proxy set up is broken" error.
# proxy_pass http://opendmp.frontend:8080;
# proxy_read_timeout 90;
# proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
# }
# location /api/ {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Fix the “It appears that your reverse proxy set up is broken" error.
# proxy_pass http://opendmp.backend:8080;
# proxy_read_timeout 90;
# proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
# }
# location /api/notification/ {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Fix the “It appears that your reverse proxy set up is broken" error.
# proxy_pass http://opendmp.notification:8080;
# proxy_read_timeout 90;
# proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
# }
# location /api/annotation/ {
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Fix the “It appears that your reverse proxy set up is broken" error.
# proxy_pass http://opendmp.annotation:8080;
# proxy_read_timeout 90;
# proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
# }
# }
server { server {
listen 8081 ssl; set $ms_host $MS_HOST;
ssl_certificate /certifcates/cert.crt; set $ms_port $MS_PORT;
ssl_certificate_key /certifcates/key.key; listen 8080;
server_name ${APP_HOST}${APP_PORT}; server_name ${MS_HOST}${MS_PORT};
proxy_pass_header Server;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Referrer-Policy 'strict-origin' always;
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
location / { location / {
return 301 https://$host$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.frontend:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
}
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.backend:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
}
location /api/notification/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.notification:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
}
location /api/annotation/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.annotation:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
} }
} }
server { server {
set $ms_host $MS_HOST;
set $ms_port $MS_PORT;
listen 8082 ssl; listen 8082 ssl;
ssl_certificate /certifcates/cert.crt; ssl_certificate /certifcates/cert.crt;
ssl_certificate_key /certifcates/key.key; ssl_certificate_key /certifcates/key.key;
@ -111,23 +127,6 @@ server {
proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak; proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
} }
location /rabbitmq/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass https://opendmp.rabbitmq:15672;
proxy_read_timeout 90;
proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
}
location /elastic/ { location /elastic/ {
proxy_set_header Host $host; proxy_set_header Host $host;
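Review bot: The added `set $app_host $APP_HOST;` and `set $ms_host $MS_HOST;` lines make nginx read `$APP_HOST` and `$MS_HOST` as its own variables, not as environment variables. The compose file mounts this file directly at `/etc/nginx/conf.d/default.conf` with the `templates` mount commented out, so it looks as if nothing substitutes them before the config is parsed; confirm with `nginx -t` inside the container. Separately, the whole `listen 8081 ssl` server is now commented out while compose still publishes `"${PROXY_APP_PORT}:8081"`, so that port has no listener. The security headers defined in that block (`Strict-Transport-Security`, `X-Content-Type-Options`, `Referrer-Policy`, …) are also no longer sent by it. If the block is only disabled temporarily, a comment above it such as `# disabled until the frontend/backend services are deployed; re-enable together with the 8081 port mapping` would record the intent.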


@ -0,0 +1,2 @@
deprecated_features.permit.management_metrics_collection = false
proxy_protocol = true
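Review bot: `proxy_protocol = true` makes RabbitMQ expect a PROXY protocol header on every AMQP connection, but nothing visible on this page sits in front of the broker to send one: the commit publishes 5672 directly in compose and removes the `/rabbitmq/` nginx location. Clients connecting directly would then be rejected. Any peer that can reach the port could also state an arbitrary source address in that header, which weakens address-based logging and checks. Unless a PROXY-protocol-aware load balancer is planned, drop the line; if one is planned, add a comment above it such as `# requires a PROXY-protocol load balancer in front of 5672; do not publish the port directly`.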


@ -1,3 +1,3 @@
RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_USER=guest
RABBITMQ_DEFAULT_PASS=guest RABBITMQ_DEFAULT_PASS=guest
RABBITMQ_DEFAULT_VHOST=/rabbitmq/ RABBITMQ_DEFAULT_VHOST=/