Finalize deployment for keycloak, rabbitmq, and gotenberg
This commit is contained in:
parent
52799fdd7d
commit
f1c1503b1c
|
@ -11,7 +11,7 @@ DOCX_APP_TAG=0.0.8
|
||||||
JSON_APP_TAG=0.0.6
|
JSON_APP_TAG=0.0.6
|
||||||
ZENODO_APP_TAG=2.0.4
|
ZENODO_APP_TAG=2.0.4
|
||||||
POSTGRES_TAG=16-alpine
|
POSTGRES_TAG=16-alpine
|
||||||
ELK_VERSION=8.13.12
|
ELK_VERSION=8.13.0
|
||||||
KEYCLOAK_TAG=24.0.2
|
KEYCLOAK_TAG=24.0.2
|
||||||
RABBITMQ_TAG=3.13-management
|
RABBITMQ_TAG=3.13-management
|
||||||
GOTENBERG_TAG=8.4.0
|
GOTENBERG_TAG=8.4.0
|
||||||
|
|
|
@ -1,23 +1,24 @@
|
||||||
services:
|
services:
|
||||||
############################## PROXY ########################################
|
############################## PROXY ########################################
|
||||||
# opendmp.proxy:
|
opendmp.proxy:
|
||||||
# user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||||
# restart: unless-stopped
|
restart: unless-stopped
|
||||||
# cpus: 1
|
cpus: 1
|
||||||
# mem_limit: 256m
|
mem_limit: 256m
|
||||||
# ports:
|
ports:
|
||||||
# - "${PROXY_APP_PORT}:8081"
|
- "${PROXY_APP_PORT}:8081"
|
||||||
# - "${PROXY_MS_PORT}:8082"
|
- "${PROXY_MS_PORT}:8082"
|
||||||
# env_file:
|
env_file:
|
||||||
# - proxy/proxy.env
|
- ./proxy/proxy.env
|
||||||
# volumes:
|
volumes:
|
||||||
# - proxy/nginx.conf:/etc/nginx/nginx.conf
|
# - ./proxy/template-variables:/etc/nginx/templates/10-variables.conf.template:ro
|
||||||
# - proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
|
- ./proxy/nginx.conf:/etc/nginx/nginx.conf
|
||||||
# - proxy/nginx-selfsigned.crt:/certifcates/cert.crt
|
- ./proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
|
||||||
# - proxy/nginx-selfsigned.key:/certifcates/key.key
|
- ./proxy/nginx-selfsigned.crt:/certifcates/cert.crt
|
||||||
# - logs/proxy:/tmp/logs
|
- ./proxy/nginx-selfsigned.key:/certifcates/key.key
|
||||||
# networks:
|
- ./logs/proxy:/tmp/logs
|
||||||
# - opendmp-proxy-network
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
|
||||||
############################## OPENDMP APP #################################
|
############################## OPENDMP APP #################################
|
||||||
# opendmp.backend:
|
# opendmp.backend:
|
||||||
|
@ -171,67 +172,73 @@ services:
|
||||||
# - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only
|
# - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only
|
||||||
- "${POSTGRES_PORT}:5432"
|
- "${POSTGRES_PORT}:5432"
|
||||||
env_file:
|
env_file:
|
||||||
- postgres/postgres.env
|
- ./postgres/postgres.env
|
||||||
volumes:
|
volumes:
|
||||||
- ./storage/postgres/data:/var/lib/postgresql/data
|
- ./storage/postgres/data:/var/lib/postgresql/data
|
||||||
networks:
|
networks:
|
||||||
- opendmp-postgres-shared-network
|
- opendmp-postgres-shared-network
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "sh -c 'pg_isready -U opendmp-psql -d opendmp'"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 60s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
|
||||||
################################# ELK #################################################
|
################################# ELK #################################################
|
||||||
# opendmp.elasticsearch:
|
# opendmp.elasticsearch:
|
||||||
# user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
# user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||||
# group_add:
|
# group_add:
|
||||||
# - 0
|
# - 0
|
||||||
# restart: unless-stopped
|
# restart: unless-stopped
|
||||||
# cpus: 2
|
# cpus: 2
|
||||||
# mem_limit: 1024m
|
# mem_limit: 1024m
|
||||||
# env_file:
|
# env_file:
|
||||||
# - elk/config-elk/elasticsearch/elastic.env
|
# - elk/config-elk/elasticsearch/elastic.env
|
||||||
# environment:
|
# environment:
|
||||||
# - "ES_JAVA_OPTS=-Xmx512m -Xms512m"
|
# - ES_JAVA_OPTS=-Xmx512m -Xms512m
|
||||||
# ulimits:
|
# ulimits:
|
||||||
# nproc: 65535
|
# nproc: 65535
|
||||||
# memlock:
|
# memlock:
|
||||||
# soft: -1
|
# soft: -1
|
||||||
# hard: -1
|
# hard: -1
|
||||||
# volumes:
|
# volumes:
|
||||||
# - elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
|
# - ./elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
|
||||||
# - elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
|
# - ./elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
|
||||||
# - elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
|
# - ./elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
|
||||||
# - elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
|
# - ./elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
|
||||||
# - elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
|
# - ./elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
|
||||||
# expose:
|
# expose:
|
||||||
# - "9200"
|
# - "9200"
|
||||||
# - "9300"
|
# - "9300"
|
||||||
# networks:
|
# networks:
|
||||||
# - opendmp-elastic-network
|
# - opendmp-elastic-network
|
||||||
# - opendmp-elastic-shared-network
|
# - opendmp-elastic-shared-network
|
||||||
# healthcheck:
|
# healthcheck:
|
||||||
# test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
|
# test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
|
||||||
# interval: 30s
|
# interval: 30s
|
||||||
# timeout: 10s
|
# timeout: 10s
|
||||||
# retries: 5
|
# retries: 5
|
||||||
|
|
||||||
# # opendmp.logstash:
|
# # opendmp.logstash:
|
||||||
# # volumes:
|
# # volumes:
|
||||||
# # - /elk/data-elk/logstash-log:/usr/share/logstash/logs
|
# # - /elk/data-elk/logstash-log:/usr/share/logstash/logs
|
||||||
|
|
||||||
# opendmp.kibana:
|
# opendmp.kibana:
|
||||||
# user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
# user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||||
# restart: unless-stopped
|
# restart: unless-stopped
|
||||||
# cpus: 2
|
# cpus: 2
|
||||||
# mem_limit: 1024m
|
# mem_limit: 1024m
|
||||||
# environment:
|
# environment:
|
||||||
# - xpack.license.self_generated.type=basic
|
# - xpack.license.self_generated.type=basic
|
||||||
# - xpack.security.enabled=true
|
# - xpack.security.enabled=true
|
||||||
# volumes:
|
# volumes:
|
||||||
# - elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
|
# - ./elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
|
||||||
# - elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
|
# - ./elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
|
||||||
# - elk/config-elk/kibana/config:/usr/share/kibana/config:ro
|
# - ./elk/config-elk/kibana/config:/usr/share/kibana/config:ro
|
||||||
# expose:
|
# expose:
|
||||||
# - "5601"
|
# - "5601"
|
||||||
# networks:
|
# networks:
|
||||||
# - opendmp-elastic-network
|
# - opendmp-elastic-network
|
||||||
|
|
||||||
# # opendmp.filebeat:
|
# # opendmp.filebeat:
|
||||||
|
|
||||||
|
@ -240,6 +247,7 @@ services:
|
||||||
opendmp.keycloak:
|
opendmp.keycloak:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
|
command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
|
||||||
|
# command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log"]
|
||||||
cpus: 1
|
cpus: 1
|
||||||
mem_limit: 1024M
|
mem_limit: 1024M
|
||||||
security_opt:
|
security_opt:
|
||||||
|
@ -249,10 +257,10 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
|
- JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
|
||||||
volumes:
|
volumes:
|
||||||
- logs/keycloak:/tmp/logs
|
- ./logs/keycloak:/tmp/logs
|
||||||
- keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
|
- ./keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
|
||||||
- keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
|
- ./keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
|
||||||
- keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
|
- ./keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
|
||||||
expose:
|
expose:
|
||||||
- "8443"
|
- "8443"
|
||||||
networks:
|
networks:
|
||||||
|
@ -261,34 +269,34 @@ services:
|
||||||
- opendmp-keycloak-shared-network
|
- opendmp-keycloak-shared-network
|
||||||
|
|
||||||
# ############################## RABBITMQ ###############################################
|
# ############################## RABBITMQ ###############################################
|
||||||
# opendmp.rabbitmq:
|
opendmp.rabbitmq:
|
||||||
# labels:
|
labels:
|
||||||
# NAME: "rabbitmq"
|
NAME: "rabbitmq"
|
||||||
# cpus: 1
|
cpus: 1
|
||||||
# mem_limit: 512m
|
mem_limit: 512m
|
||||||
# restart: unless-stopped
|
restart: unless-stopped
|
||||||
# expose:
|
ports:
|
||||||
# - "15672"
|
- "0.0.0.0:15672:15672"
|
||||||
# - "5672"
|
- "0.0.0.0:5672:5672"
|
||||||
# env_file:
|
env_file:
|
||||||
# - rabbitmq/rabbitmq.env
|
- rabbitmq/rabbitmq.env
|
||||||
# # volumes:
|
volumes:
|
||||||
# # - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro
|
- /rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
|
||||||
# networks:
|
networks:
|
||||||
# - opendmp-proxy-network
|
- opendmp-proxy-network
|
||||||
# - opendmp-rabbitmq-shared-network
|
- opendmp-rabbitmq-shared-network
|
||||||
|
|
||||||
# ############################## GOTENBERG ##############################################
|
# ############################## GOTENBERG ##############################################
|
||||||
# opendmp.gotenberg:
|
opendmp.gotenberg:
|
||||||
# mem_limit: 2048m
|
mem_limit: 2048m
|
||||||
# restart: unless-stopped
|
restart: unless-stopped
|
||||||
# expose:
|
expose:
|
||||||
# - "3000"
|
- "3000"
|
||||||
# hostname: gotenberg
|
hostname: gotenberg
|
||||||
# env_file:
|
env_file:
|
||||||
# - gotenberg/gotenberg.env
|
- gotenberg/gotenberg.env
|
||||||
# networks:
|
networks:
|
||||||
# - opendmp-gotenberg-shared-network
|
- opendmp-gotenberg-shared-network
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
opendmp-elastic-network:
|
opendmp-elastic-network:
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
services:
|
services:
|
||||||
############################## PROXY ########################################
|
############################## PROXY ########################################
|
||||||
# opendmp.proxy:
|
opendmp.proxy:
|
||||||
# container_name: opendmp.proxy
|
container_name: opendmp.proxy
|
||||||
# image: nginx:${PROXY_TAG}
|
image: nginx:${PROXY_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.keycloak
|
||||||
|
# - opendmp.kibana
|
||||||
|
|
||||||
# ############################## OPENDMP APP #################################
|
# ############################## OPENDMP APP #################################
|
||||||
|
|
||||||
|
@ -63,13 +66,15 @@ services:
|
||||||
POSTGRES_TAG: $POSTGRES_TAG
|
POSTGRES_TAG: $POSTGRES_TAG
|
||||||
|
|
||||||
################################# ELK #################################################
|
################################# ELK #################################################
|
||||||
# opendmp.elasticsearch:
|
# opendmp.elasticsearch:
|
||||||
# container_name: opendmp.elasticsearch
|
# container_name: opendmp.elasticsearch
|
||||||
# image: elasticsearch
|
# image: elasticsearch
|
||||||
# build:
|
# build:
|
||||||
# context: /elk/elasticsearch/
|
# context: ./elk/elasticsearch/
|
||||||
# args:
|
# args:
|
||||||
# ELK_VERSION: $ELK_VERSION
|
# ELK_VERSION: $ELK_VERSION
|
||||||
|
# DEPLOY_USER : $DEPLOY_USER
|
||||||
|
# DEPLOY_GROUP : $DEPLOY_GROUP
|
||||||
|
|
||||||
# # opendmp.logstash:
|
# # opendmp.logstash:
|
||||||
# # container_name: opendmp.logstash
|
# # container_name: opendmp.logstash
|
||||||
|
@ -81,15 +86,17 @@ services:
|
||||||
# # depends_on:
|
# # depends_on:
|
||||||
# # - opendmp.elasticsearch
|
# # - opendmp.elasticsearch
|
||||||
|
|
||||||
# opendmp.kibana:
|
# opendmp.kibana:
|
||||||
# container_name: opendmp.kibana
|
# container_name: opendmp.kibana
|
||||||
# image: kibana
|
# image: kibana
|
||||||
# build:
|
# build:
|
||||||
# context: /elk/kibana/
|
# context: ./elk/kibana/
|
||||||
# args:
|
# args:
|
||||||
# ELK_VERSION: $ELK_VERSION
|
# ELK_VERSION: $ELK_VERSION
|
||||||
# depends_on:
|
# DEPLOY_USER : $DEPLOY_USER
|
||||||
# - opendmp.elasticsearch
|
# DEPLOY_GROUP : $DEPLOY_GROUP
|
||||||
|
# depends_on:
|
||||||
|
# - opendmp.elasticsearch
|
||||||
|
|
||||||
# # opendmp.filebeat:
|
# # opendmp.filebeat:
|
||||||
# # container_name: opendmp.filebeat
|
# # container_name: opendmp.filebeat
|
||||||
|
@ -105,13 +112,16 @@ services:
|
||||||
opendmp.keycloak:
|
opendmp.keycloak:
|
||||||
container_name: opendmp.keycloak
|
container_name: opendmp.keycloak
|
||||||
image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
|
image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
|
||||||
|
depends_on:
|
||||||
|
opendmp.postgres:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
# ############################## RABBITMQ ###############################################
|
# ############################## RABBITMQ ###############################################
|
||||||
# opendmp.rabbitmq:
|
opendmp.rabbitmq:
|
||||||
# container_name: opendmp.rabbitmq
|
container_name: opendmp.rabbitmq
|
||||||
# image: rabbitmq:${RABBITMQ_TAG}
|
image: rabbitmq:${RABBITMQ_TAG}
|
||||||
|
|
||||||
# ############################## GOTENBERG ##############################################
|
# ############################## GOTENBERG ##############################################
|
||||||
# opendmp.gotenberg:
|
opendmp.gotenberg:
|
||||||
# image: gotenberg/gotenberg:${GOTENBERG_TAG}
|
image: gotenberg/gotenberg:${GOTENBERG_TAG}
|
||||||
# container_name: opendmp.gotenberg
|
container_name: opendmp.gotenberg
|
||||||
|
|
|
@ -1,18 +1,23 @@
|
||||||
ARG ELK_VERSION
|
ARG ELK_VERSION
|
||||||
ARG DEPLOY_USER
|
ARG DEPLOY_USER
|
||||||
|
ARG DEPLOY_GROUP
|
||||||
# https://github.com/elastic/elasticsearch-docker
|
# https://github.com/elastic/elasticsearch-docker
|
||||||
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
|
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
|
||||||
|
|
||||||
|
ARG DEPLOY_USER
|
||||||
|
ARG DEPLOY_GROUP
|
||||||
|
ENV DEPLOY_USER $DEPLOY_USER
|
||||||
|
ENV DEPLOY_GROUP $DEPLOY_GROUP
|
||||||
|
|
||||||
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \
|
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \
|
||||||
/usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
|
/usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
|
||||||
USER root
|
USER root
|
||||||
RUN groupmod -g ${DEPLOY_USER} elasticsearch
|
RUN groupmod -g ${DEPLOY_GROUP} elasticsearch
|
||||||
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch
|
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} elasticsearch
|
||||||
RUN chown -R elasticsearch /usr/share/elasticsearch
|
RUN chown -R elasticsearch /usr/share/elasticsearch
|
||||||
RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \
|
RUN sed -i -e 's/--userspec=1000/--userspec=1000/g' \
|
||||||
-e 's/UID 1000/UID ${DEPLOY_USER}/' \
|
-e 's/UID 1000/UID 1000/' \
|
||||||
-e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh
|
-e 's/chown -R 1000/chown -R 1000/' /usr/local/bin/docker-entrypoint.sh
|
||||||
RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
|
RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
|
||||||
|
|
||||||
ENV JAVA_HOME /usr/share/elasticsearch/jdk
|
ENV JAVA_HOME /usr/share/elasticsearch/jdk
|
|
@ -1,14 +1,21 @@
|
||||||
ARG ELK_VERSION
|
ARG ELK_VERSION
|
||||||
|
ARG DEPLOY_USER
|
||||||
|
ARG DEPLOY_GROUP
|
||||||
|
|
||||||
# https://github.com/elastic/kibana-docker
|
# https://github.com/elastic/kibana-docker
|
||||||
FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
|
FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
|
||||||
|
|
||||||
|
ARG DEPLOY_USER
|
||||||
|
ARG DEPLOY_GROUP
|
||||||
|
ENV DEPLOY_USER $DEPLOY_USER
|
||||||
|
ENV DEPLOY_GROUP $DEPLOY_GROUP
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
RUN groupmod -g 1008 kibana
|
RUN groupmod -g ${DEPLOY_GROUP} kibana
|
||||||
RUN usermod -u 1008 -g 1008 kibana
|
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} kibana
|
||||||
RUN chown -R kibana /usr/share/kibana
|
RUN chown -R kibana /usr/share/kibana
|
||||||
|
|
||||||
USER 1008:1008
|
USER ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||||
|
|
||||||
# Add your kibana plugins setup here
|
# Add your kibana plugins setup here
|
||||||
# Example: RUN kibana-plugin install <name|url>
|
# Example: RUN kibana-plugin install <name|url>
|
||||||
|
|
|
@ -5,14 +5,15 @@ KC_DB_URL_HOST=opendmp.postgres
|
||||||
KC_DB_SCHEMA=public
|
KC_DB_SCHEMA=public
|
||||||
KC_DB_URL_DATABASE=keycloak
|
KC_DB_URL_DATABASE=keycloak
|
||||||
KC_DB_PORT=5432
|
KC_DB_PORT=5432
|
||||||
KC_DB_USERNAME=keycloak-admin
|
KC_DB_USERNAME=keycloak-psql
|
||||||
KC_DB_PASSWORD=admin
|
KC_DB_PASSWORD=keycloak-admin
|
||||||
|
|
||||||
#Keycloak related configuration
|
#Keycloak related configuration
|
||||||
KEYCLOAK_ADMIN=opendmp-admin
|
KEYCLOAK_ADMIN=keycloak-admin
|
||||||
KEYCLOAK_ADMIN_PASSWORD=admin
|
KEYCLOAK_ADMIN_PASSWORD=admin
|
||||||
KC_HOSTNAME_URL=https://localhost:8082
|
KC_HOSTNAME_URL=https://localhost:8082/keycloak
|
||||||
KC_HOSTNAME_ADMIN_URL=https://localhost:8082
|
KC_HOSTNAME_ADMIN_URL=https://localhost:8082/keycloak
|
||||||
|
KC_HTTP_RELATIVE_PATH=/keycloak
|
||||||
KC_PROXY_HEADERS=xforwarded
|
KC_PROXY_HEADERS=xforwarded
|
||||||
KC_HOSTNAME_STRICT_HTTPS=true
|
KC_HOSTNAME_STRICT_HTTPS=true
|
||||||
KC_HOSTNAME_STRICT_BACKCHANNEL=true
|
KC_HOSTNAME_STRICT_BACKCHANNEL=true
|
||||||
|
|
|
@ -3,7 +3,6 @@ ARG DEPLOY_USER
|
||||||
ARG DEPLOY_GROUP
|
ARG DEPLOY_GROUP
|
||||||
FROM postgres:${POSTGRES_TAG}
|
FROM postgres:${POSTGRES_TAG}
|
||||||
COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/
|
COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/
|
||||||
COPY ./keycloak_init.sql /docker-entrypoint-initdb.d/
|
|
||||||
COPY ./user_init.sql /docker-entrypoint-initdb.d/
|
COPY ./user_init.sql /docker-entrypoint-initdb.d/
|
||||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||||
EXPOSE 5432
|
EXPOSE 5432
|
||||||
|
|
|
@ -1,12 +1,3 @@
|
||||||
--
|
|
||||||
-- PostgreSQL database dump
|
|
||||||
--
|
|
||||||
|
|
||||||
-- Dumped from database version 16.2
|
|
||||||
-- Dumped by pg_dump version 16.2
|
|
||||||
|
|
||||||
-- Started on 2024-04-25 13:31:48
|
|
||||||
|
|
||||||
SET statement_timeout = 0;
|
SET statement_timeout = 0;
|
||||||
SET lock_timeout = 0;
|
SET lock_timeout = 0;
|
||||||
SET idle_in_transaction_session_timeout = 0;
|
SET idle_in_transaction_session_timeout = 0;
|
||||||
|
@ -20,13 +11,13 @@ SET row_security = off;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- TOC entry 4132 (class 1262 OID 49907)
|
-- TOC entry 4132 (class 1262 OID 49907)
|
||||||
-- Name: opendmp-test; Type: DATABASE; Schema: -; Owner: -
|
-- Name: opendmp; Type: DATABASE; Schema: -; Owner: -
|
||||||
--
|
--
|
||||||
|
|
||||||
CREATE DATABASE "opendmp-test" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
|
CREATE DATABASE "opendmp" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
|
||||||
|
|
||||||
|
|
||||||
\connect -reuse-previous=on "dbname='opendmp-test'"
|
\connect -reuse-previous=on "dbname='opendmp'"
|
||||||
|
|
||||||
SET statement_timeout = 0;
|
SET statement_timeout = 0;
|
||||||
SET lock_timeout = 0;
|
SET lock_timeout = 0;
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
#################### POSTGRES ########################
|
#################### POSTGRES ########################
|
||||||
POSTGRES_USER=postgres
|
POSTGRES_USER=postgres
|
||||||
POSTGRES_PASSWORD=changeme
|
POSTGRES_PASSWORD=postgres-admin
|
||||||
PGDATA=/var/lib/postgresql/data/
|
|
|
@ -1,4 +1,4 @@
|
||||||
CREATE USER keycloak_psql WITH PASSWORD 'keycloak-admin';
|
CREATE USER "keycloak-psql" WITH PASSWORD 'keycloak-admin';
|
||||||
ALTER DATABASE keycloak OWNER TO keycloak_psql;
|
CREATE DATABASE keycloak WITH OWNER "keycloak-psql";
|
||||||
CREATE USER opendmp_psql WITH PASSWORD 'opendmp-admin';
|
CREATE USER "opendmp-psql" WITH PASSWORD 'opendmp-admin';
|
||||||
ALTER DATABASE "opendmp-test" OWNER TO opendmp_psql;
|
ALTER DATABASE "opendmp" OWNER TO "opendmp-psql";
|
|
@ -6,6 +6,8 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
set $app_host $APP_HOST;
|
||||||
|
set $app_port $APP_PORT;
|
||||||
listen 8080;
|
listen 8080;
|
||||||
server_name ${APP_HOST}${APP_PORT};
|
server_name ${APP_HOST}${APP_PORT};
|
||||||
location / {
|
location / {
|
||||||
|
@ -13,74 +15,88 @@ server {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# server {
|
||||||
|
# set $app_host $APP_HOST;
|
||||||
|
# set $app_port $APP_PORT;
|
||||||
|
# listen 8081 ssl;
|
||||||
|
# ssl_certificate /certifcates/cert.crt;
|
||||||
|
# ssl_certificate_key /certifcates/key.key;
|
||||||
|
# server_name ${APP_HOST}${APP_PORT};
|
||||||
|
# proxy_pass_header Server;
|
||||||
|
|
||||||
|
# add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
# add_header X-Content-Type-Options nosniff;
|
||||||
|
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
# add_header Referrer-Policy 'strict-origin' always;
|
||||||
|
# add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
|
||||||
|
# add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
|
||||||
|
|
||||||
|
# location / {
|
||||||
|
|
||||||
|
# proxy_set_header Host $host;
|
||||||
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
# proxy_pass http://opendmp.frontend:8080;
|
||||||
|
# proxy_read_timeout 90;
|
||||||
|
# proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
|
||||||
|
# }
|
||||||
|
|
||||||
|
# location /api/ {
|
||||||
|
|
||||||
|
# proxy_set_header Host $host;
|
||||||
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
# proxy_pass http://opendmp.backend:8080;
|
||||||
|
# proxy_read_timeout 90;
|
||||||
|
# proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
|
||||||
|
# }
|
||||||
|
|
||||||
|
# location /api/notification/ {
|
||||||
|
|
||||||
|
# proxy_set_header Host $host;
|
||||||
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
# proxy_pass http://opendmp.notification:8080;
|
||||||
|
# proxy_read_timeout 90;
|
||||||
|
# proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
|
||||||
|
# }
|
||||||
|
|
||||||
|
# location /api/annotation/ {
|
||||||
|
|
||||||
|
# proxy_set_header Host $host;
|
||||||
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
# proxy_pass http://opendmp.annotation:8080;
|
||||||
|
# proxy_read_timeout 90;
|
||||||
|
# proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 8081 ssl;
|
set $ms_host $MS_HOST;
|
||||||
ssl_certificate /certifcates/cert.crt;
|
set $ms_port $MS_PORT;
|
||||||
ssl_certificate_key /certifcates/key.key;
|
listen 8080;
|
||||||
server_name ${APP_HOST}${APP_PORT};
|
server_name ${MS_HOST}${MS_PORT};
|
||||||
proxy_pass_header Server;
|
|
||||||
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
||||||
add_header Referrer-Policy 'strict-origin' always;
|
|
||||||
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
|
|
||||||
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
|
||||||
proxy_pass http://opendmp.frontend:8080;
|
|
||||||
proxy_read_timeout 90;
|
|
||||||
proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/ {
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
|
||||||
proxy_pass http://opendmp.backend:8080;
|
|
||||||
proxy_read_timeout 90;
|
|
||||||
proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/notification/ {
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
|
||||||
proxy_pass http://opendmp.notification:8080;
|
|
||||||
proxy_read_timeout 90;
|
|
||||||
proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/annotation/ {
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
|
||||||
proxy_pass http://opendmp.annotation:8080;
|
|
||||||
proxy_read_timeout 90;
|
|
||||||
proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
set $ms_host $MS_HOST;
|
||||||
|
set $ms_port $MS_PORT;
|
||||||
listen 8082 ssl;
|
listen 8082 ssl;
|
||||||
ssl_certificate /certifcates/cert.crt;
|
ssl_certificate /certifcates/cert.crt;
|
||||||
ssl_certificate_key /certifcates/key.key;
|
ssl_certificate_key /certifcates/key.key;
|
||||||
|
@ -111,23 +127,6 @@ server {
|
||||||
proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
|
proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /rabbitmq/ {
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Port $server_port;
|
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
|
|
||||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
|
||||||
proxy_pass https://opendmp.rabbitmq:15672;
|
|
||||||
proxy_read_timeout 90;
|
|
||||||
|
|
||||||
proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /elastic/ {
|
location /elastic/ {
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
deprecated_features.permit.management_metrics_collection = false
|
||||||
|
proxy_protocol = true
|
|
@ -1,3 +1,3 @@
|
||||||
RABBITMQ_DEFAULT_USER=guest
|
RABBITMQ_DEFAULT_USER=guest
|
||||||
RABBITMQ_DEFAULT_PASS=guest
|
RABBITMQ_DEFAULT_PASS=guest
|
||||||
RABBITMQ_DEFAULT_VHOST=/rabbitmq/
|
RABBITMQ_DEFAULT_VHOST=/
|
Loading…
Reference in New Issue