Finalize deployment for keycloak, rabbitmq, and gotenberg

2024-04-25 17:59:42 +03:00 · 2024-04-25 17:59:42 +03:00 · f1c1503b1c
parent 52799fdd7d
commit f1c1503b1c
13 changed files with 259 additions and 238 deletions
--- a/deployment/.env
+++ b/deployment/.env
@ -11,7 +11,7 @@ DOCX_APP_TAG=0.0.8
 JSON_APP_TAG=0.0.6
 ZENODO_APP_TAG=2.0.4
 POSTGRES_TAG=16-alpine
-ELK_VERSION=8.13.12
+ELK_VERSION=8.13.0
 KEYCLOAK_TAG=24.0.2
 RABBITMQ_TAG=3.13-management
 GOTENBERG_TAG=8.4.0
--- a/deployment/docker-compose.override.yml
+++ b/deployment/docker-compose.override.yml
@ -1,23 +1,24 @@
 services:
 ############################## PROXY ########################################
-  # opendmp.proxy:
+  opendmp.proxy:
-  #   user: ${DEPLOY_USER}:${DEPLOY_GROUP}
+    user: ${DEPLOY_USER}:${DEPLOY_GROUP}
-  #   restart: unless-stopped
+    restart: unless-stopped
-  #   cpus: 1
+    cpus: 1
-  #   mem_limit: 256m
+    mem_limit: 256m
-  #   ports:
+    ports:
-  #     - "${PROXY_APP_PORT}:8081"
+      - "${PROXY_APP_PORT}:8081"
-  #     - "${PROXY_MS_PORT}:8082"
+      - "${PROXY_MS_PORT}:8082"
-  #   env_file:
+    env_file:
-  #     - proxy/proxy.env
+      - ./proxy/proxy.env
-  #   volumes:
+    volumes:
-  #     - proxy/nginx.conf:/etc/nginx/nginx.conf
+      # - ./proxy/template-variables:/etc/nginx/templates/10-variables.conf.template:ro
-  #     - proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
+      - ./proxy/nginx.conf:/etc/nginx/nginx.conf
-  #     - proxy/nginx-selfsigned.crt:/certifcates/cert.crt
+      - ./proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
-  #     - proxy/nginx-selfsigned.key:/certifcates/key.key
+      - ./proxy/nginx-selfsigned.crt:/certifcates/cert.crt
-  #     - logs/proxy:/tmp/logs
+      - ./proxy/nginx-selfsigned.key:/certifcates/key.key
-  #   networks:
+      - ./logs/proxy:/tmp/logs
-  #     - opendmp-proxy-network
+    networks:
      - opendmp-proxy-network
 ############################## OPENDMP APP #################################
 #   opendmp.backend:
@ -171,67 +172,73 @@ services:
        # - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only
        - "${POSTGRES_PORT}:5432"
      env_file:
-      - postgres/postgres.env
+        - ./postgres/postgres.env
      volumes:
        - ./storage/postgres/data:/var/lib/postgresql/data
      networks:
        - opendmp-postgres-shared-network
      healthcheck:
        test: ["CMD-SHELL", "sh -c 'pg_isready -U opendmp-psql -d opendmp'"]
        interval: 15s
        timeout: 60s
        retries: 5 
 ################################# ELK #################################################
-#   opendmp.elasticsearch:
+  # opendmp.elasticsearch:
-#     user: ${DEPLOY_USER}:${DEPLOY_GROUP}
+  #   user: ${DEPLOY_USER}:${DEPLOY_GROUP}
-#     group_add:
+  #   group_add:
-#       - 0
+  #     - 0
-#     restart: unless-stopped
+  #   restart: unless-stopped
-#     cpus: 2
+  #   cpus: 2
-#     mem_limit: 1024m
+  #   mem_limit: 1024m
-#     env_file:
+  #   env_file:
-#       - elk/config-elk/elasticsearch/elastic.env
+  #     - elk/config-elk/elasticsearch/elastic.env
-#     environment:
+  #   environment:
-#       - "ES_JAVA_OPTS=-Xmx512m -Xms512m"
+  #     - ES_JAVA_OPTS=-Xmx512m -Xms512m
-#     ulimits:
+  #   ulimits:
-#       nproc: 65535
+  #     nproc: 65535
-#       memlock:
+  #     memlock:
-#         soft: -1
+  #       soft: -1
-#         hard: -1
+  #       hard: -1
-#     volumes:
+  #   volumes:
-#     - elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
+  #     - ./elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
-#     - elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
+  #     - ./elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
-#     - elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
+  #     - ./elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
-#     - elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
+  #     - ./elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
-#     - elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
+  #     - ./elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
-#     expose:
+  #   expose:
-#       - "9200"
+  #     - "9200"
-#       - "9300"
+  #     - "9300"
-#     networks:
+  #   networks:
-#       - opendmp-elastic-network
+  #     - opendmp-elastic-network
-#       - opendmp-elastic-shared-network
+  #     - opendmp-elastic-shared-network
-#     healthcheck:
+  #   healthcheck:
-#       test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
+  #     test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
-#       interval: 30s
+  #     interval: 30s
-#       timeout: 10s
+  #     timeout: 10s
-#       retries: 5
+  #     retries: 5
 #   # opendmp.logstash:
 #   #   volumes:
 #   #     - /elk/data-elk/logstash-log:/usr/share/logstash/logs
-#   opendmp.kibana:
+  # opendmp.kibana:
-#     user: ${DEPLOY_USER}:${DEPLOY_GROUP}
+  #   user: ${DEPLOY_USER}:${DEPLOY_GROUP}
-#     restart: unless-stopped
+  #   restart: unless-stopped
-#     cpus: 2
+  #   cpus: 2
-#     mem_limit: 1024m
+  #   mem_limit: 1024m
-#     environment:
+  #   environment:
-#       - xpack.license.self_generated.type=basic
+  #     - xpack.license.self_generated.type=basic
-#       - xpack.security.enabled=true
+  #     - xpack.security.enabled=true
-#     volumes:
+  #   volumes:
-#       - elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
+  #     - ./elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
-#       - elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
+  #     - ./elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
-#       - elk/config-elk/kibana/config:/usr/share/kibana/config:ro
+  #     - ./elk/config-elk/kibana/config:/usr/share/kibana/config:ro
-#     expose:
+  #   expose:
-#       - "5601"
+  #     - "5601"
-#     networks:
+  #   networks:
-#       - opendmp-elastic-network
+  #     - opendmp-elastic-network
 #   # opendmp.filebeat:
@ -240,6 +247,7 @@ services:
  opendmp.keycloak:
    restart: unless-stopped
    command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
    # command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log"]
    cpus: 1
    mem_limit: 1024M
    security_opt:
@ -249,10 +257,10 @@ services:
    environment:
      - JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
    volumes:
-      - logs/keycloak:/tmp/logs
+      - ./logs/keycloak:/tmp/logs
-      - keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
+      - ./keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
-      - keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
+      - ./keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
-      - keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
+      - ./keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
    expose:
      - "8443"
    networks:
@ -261,34 +269,34 @@ services:
      - opendmp-keycloak-shared-network
 # ############################## RABBITMQ ###############################################
-#   opendmp.rabbitmq:
+  opendmp.rabbitmq:
-#     labels:
+    labels:
-#       NAME: "rabbitmq"
+      NAME: "rabbitmq"
-#     cpus: 1
+    cpus: 1
-#     mem_limit: 512m
+    mem_limit: 512m
-#     restart: unless-stopped
+    restart: unless-stopped
-#     expose:
+    ports:
-#       - "15672"
+      - "0.0.0.0:15672:15672"
-#       - "5672"
+      - "0.0.0.0:5672:5672"
-#     env_file:
+    env_file:
-#       - rabbitmq/rabbitmq.env
+      - rabbitmq/rabbitmq.env
-# #    volumes:
+    volumes:
-# #      - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro
+     - /rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
-#     networks:
+    networks:
-#       - opendmp-proxy-network
+      - opendmp-proxy-network
-#       - opendmp-rabbitmq-shared-network
+      - opendmp-rabbitmq-shared-network
 # ############################## GOTENBERG ##############################################
-#   opendmp.gotenberg:
+  opendmp.gotenberg:
-#     mem_limit: 2048m
+    mem_limit: 2048m
-#     restart: unless-stopped
+    restart: unless-stopped
-#     expose:
+    expose:
-#      - "3000"
+     - "3000"
-#     hostname: gotenberg
+    hostname: gotenberg
-#     env_file:
+    env_file:
-#       - gotenberg/gotenberg.env
+      - gotenberg/gotenberg.env
-#     networks:
+    networks:
-#       - opendmp-gotenberg-shared-network
+      - opendmp-gotenberg-shared-network
 networks:
  opendmp-elastic-network:
--- a/deployment/docker-compose.yml
+++ b/deployment/docker-compose.yml
@ -1,8 +1,11 @@
 services:
 ############################## PROXY ########################################
-#   opendmp.proxy:
+  opendmp.proxy:
-#       container_name: opendmp.proxy
+      container_name: opendmp.proxy
-#       image: nginx:${PROXY_TAG}
+      image: nginx:${PROXY_TAG}
      depends_on:
        - opendmp.keycloak
        # - opendmp.kibana
 # ############################## OPENDMP APP #################################
@ -63,13 +66,15 @@ services:
        POSTGRES_TAG: $POSTGRES_TAG
 ################################# ELK #################################################
-#   opendmp.elasticsearch:
+  # opendmp.elasticsearch:
-#     container_name: opendmp.elasticsearch
+  #   container_name: opendmp.elasticsearch
-#     image: elasticsearch
+  #   image: elasticsearch
-#     build:
+  #   build:
-#       context: /elk/elasticsearch/
+  #     context: ./elk/elasticsearch/
-#       args:
+  #     args:
-#         ELK_VERSION: $ELK_VERSION
+  #       ELK_VERSION: $ELK_VERSION
  #       DEPLOY_USER : $DEPLOY_USER
  #       DEPLOY_GROUP : $DEPLOY_GROUP
 #   # opendmp.logstash:
 #   #    container_name: opendmp.logstash
@ -81,15 +86,17 @@ services:
 #   #    depends_on:
 #   #      - opendmp.elasticsearch
-#   opendmp.kibana:
+  # opendmp.kibana:
-#     container_name: opendmp.kibana
+  #   container_name: opendmp.kibana
-#     image: kibana
+  #   image: kibana
-#     build:
+  #   build:
-#       context: /elk/kibana/
+  #     context: ./elk/kibana/
-#       args:
+  #     args:
-#         ELK_VERSION: $ELK_VERSION
+  #       ELK_VERSION: $ELK_VERSION
-#     depends_on:
+  #       DEPLOY_USER : $DEPLOY_USER
-#       - opendmp.elasticsearch
+  #       DEPLOY_GROUP : $DEPLOY_GROUP
  #   depends_on:
  #     - opendmp.elasticsearch
 #   # opendmp.filebeat:
 #   #   container_name: opendmp.filebeat
@ -105,13 +112,16 @@ services:
  opendmp.keycloak:
    container_name: opendmp.keycloak
    image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
    depends_on:
      opendmp.postgres:
        condition: service_healthy
 # ############################## RABBITMQ ###############################################
-#   opendmp.rabbitmq:
+  opendmp.rabbitmq:
-#     container_name: opendmp.rabbitmq
+    container_name: opendmp.rabbitmq
-#     image: rabbitmq:${RABBITMQ_TAG}
+    image: rabbitmq:${RABBITMQ_TAG}
 # ############################## GOTENBERG ##############################################
-#   opendmp.gotenberg:
+  opendmp.gotenberg:
-#     image: gotenberg/gotenberg:${GOTENBERG_TAG}
+    image: gotenberg/gotenberg:${GOTENBERG_TAG}
-#     container_name: opendmp.gotenberg
+    container_name: opendmp.gotenberg
--- a/deployment/elk/elasticsearch/Dockerfile
+++ b/deployment/elk/elasticsearch/Dockerfile
@ -1,18 +1,23 @@
 ARG ELK_VERSION
 ARG DEPLOY_USER
-
+ARG DEPLOY_GROUP
 # https://github.com/elastic/elasticsearch-docker
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
 ARG DEPLOY_USER
 ARG DEPLOY_GROUP
 ENV DEPLOY_USER $DEPLOY_USER
 ENV DEPLOY_GROUP $DEPLOY_GROUP
 RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \ 
    /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
 USER root
-RUN groupmod -g ${DEPLOY_USER} elasticsearch
+RUN groupmod -g ${DEPLOY_GROUP} elasticsearch
-RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch
+RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} elasticsearch
 RUN chown -R elasticsearch /usr/share/elasticsearch
-RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \
+RUN sed -i -e 's/--userspec=1000/--userspec=1000/g' \
-           -e 's/UID 1000/UID ${DEPLOY_USER}/' \
+           -e 's/UID 1000/UID 1000/' \
-           -e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh
+           -e 's/chown -R 1000/chown -R 1000/' /usr/local/bin/docker-entrypoint.sh
 RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
 ENV JAVA_HOME /usr/share/elasticsearch/jdk
--- a/deployment/elk/kibana/Dockerfile
+++ b/deployment/elk/kibana/Dockerfile
@ -1,14 +1,21 @@
 ARG ELK_VERSION
 ARG DEPLOY_USER
 ARG DEPLOY_GROUP
 # https://github.com/elastic/kibana-docker
 FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
 ARG DEPLOY_USER
 ARG DEPLOY_GROUP
 ENV DEPLOY_USER $DEPLOY_USER
 ENV DEPLOY_GROUP $DEPLOY_GROUP
 USER root
-RUN groupmod -g 1008 kibana
+RUN groupmod -g ${DEPLOY_GROUP} kibana
-RUN usermod -u 1008 -g 1008 kibana
+RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} kibana
 RUN chown -R kibana /usr/share/kibana
-USER 1008:1008
+USER ${DEPLOY_USER}:${DEPLOY_GROUP}
 # Add your kibana plugins setup here
 # Example: RUN kibana-plugin install <name|url>
--- a/deployment/keycloak/keycloak.env
+++ b/deployment/keycloak/keycloak.env
@ -5,14 +5,15 @@ KC_DB_URL_HOST=opendmp.postgres
 KC_DB_SCHEMA=public
 KC_DB_URL_DATABASE=keycloak
 KC_DB_PORT=5432
-KC_DB_USERNAME=keycloak-admin
+KC_DB_USERNAME=keycloak-psql
-KC_DB_PASSWORD=admin
+KC_DB_PASSWORD=keycloak-admin
 #Keycloak related configuration
-KEYCLOAK_ADMIN=opendmp-admin
+KEYCLOAK_ADMIN=keycloak-admin
 KEYCLOAK_ADMIN_PASSWORD=admin
-KC_HOSTNAME_URL=https://localhost:8082
+KC_HOSTNAME_URL=https://localhost:8082/keycloak
-KC_HOSTNAME_ADMIN_URL=https://localhost:8082
+KC_HOSTNAME_ADMIN_URL=https://localhost:8082/keycloak
 KC_HTTP_RELATIVE_PATH=/keycloak
 KC_PROXY_HEADERS=xforwarded
 KC_HOSTNAME_STRICT_HTTPS=true
 KC_HOSTNAME_STRICT_BACKCHANNEL=true
--- a/deployment/postgres/Dockerfile
+++ b/deployment/postgres/Dockerfile
@ -3,7 +3,6 @@ ARG DEPLOY_USER
 ARG DEPLOY_GROUP
 FROM postgres:${POSTGRES_TAG}
 COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/
 COPY ./keycloak_init.sql /docker-entrypoint-initdb.d/
 COPY ./user_init.sql /docker-entrypoint-initdb.d/
 ENTRYPOINT ["docker-entrypoint.sh"]
 EXPOSE 5432
--- a/deployment/postgres/opendmp_init.sql
+++ b/deployment/postgres/opendmp_init.sql
@ -1,12 +1,3 @@
 --
 -- PostgreSQL database dump
 --
 -- Dumped from database version 16.2
 -- Dumped by pg_dump version 16.2
 -- Started on 2024-04-25 13:31:48
 SET statement_timeout = 0;
 SET lock_timeout = 0;
 SET idle_in_transaction_session_timeout = 0;
@ -20,13 +11,13 @@ SET row_security = off;
 --
 -- TOC entry 4132 (class 1262 OID 49907)
-- Name: opendmp-test; Type: DATABASE; Schema: -; Owner: -
+-- Name: opendmp; Type: DATABASE; Schema: -; Owner: -
 --
-CREATE DATABASE "opendmp-test" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
+CREATE DATABASE "opendmp" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
-\connect -reuse-previous=on "dbname='opendmp-test'"
+\connect -reuse-previous=on "dbname='opendmp'"
 SET statement_timeout = 0;
 SET lock_timeout = 0;
--- a/deployment/postgres/postgres.env
+++ b/deployment/postgres/postgres.env
@ -1,4 +1,3 @@
 #################### POSTGRES ########################
 POSTGRES_USER=postgres
-POSTGRES_PASSWORD=changeme
+POSTGRES_PASSWORD=postgres-admin
 PGDATA=/var/lib/postgresql/data/
--- a/deployment/postgres/user_init.sql
+++ b/deployment/postgres/user_init.sql
@ -1,4 +1,4 @@
-CREATE USER keycloak_psql WITH PASSWORD 'keycloak-admin';
+CREATE USER "keycloak-psql" WITH PASSWORD 'keycloak-admin';
-ALTER DATABASE keycloak OWNER TO keycloak_psql;
+CREATE DATABASE keycloak WITH OWNER "keycloak-psql";
-CREATE USER opendmp_psql WITH PASSWORD 'opendmp-admin';
+CREATE USER "opendmp-psql" WITH PASSWORD 'opendmp-admin';
-ALTER DATABASE "opendmp-test" OWNER TO opendmp_psql;
+ALTER DATABASE "opendmp" OWNER TO "opendmp-psql";
--- a/deployment/proxy/ProxyNginx.conf
+++ b/deployment/proxy/ProxyNginx.conf
@ -6,6 +6,8 @@ server {
 }
 server {
    set $app_host $APP_HOST;
    set $app_port $APP_PORT;
    listen 8080;
    server_name  ${APP_HOST}${APP_PORT};
    location / {
@ -13,74 +15,88 @@ server {
    }    
 }
 # server {
 #     set $app_host $APP_HOST;
 #     set $app_port $APP_PORT;
 #     listen 8081 ssl;
 #     ssl_certificate /certifcates/cert.crt;
 #     ssl_certificate_key /certifcates/key.key;
 #     server_name  ${APP_HOST}${APP_PORT};
 #     proxy_pass_header Server;
 #     add_header X-XSS-Protection "1; mode=block" always;
 #     add_header X-Content-Type-Options nosniff;
 #     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 #     add_header Referrer-Policy 'strict-origin' always;
 #     add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
 #     add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
 #     location / {
 #         proxy_set_header        Host $host;
 #         proxy_set_header        X-Real-IP $remote_addr;
 #         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 #         proxy_set_header        X-Forwarded-Proto $scheme;
 #         # Fix the “It appears that your reverse proxy set up is broken" error.
 #         proxy_pass              http://opendmp.frontend:8080;
 #         proxy_read_timeout      90;
 #         proxy_redirect          http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
 #     }
 #     location /api/ {
 #         proxy_set_header        Host $host;
 #         proxy_set_header        X-Real-IP $remote_addr;
 #         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 #         proxy_set_header        X-Forwarded-Proto $scheme;
 #         # Fix the “It appears that your reverse proxy set up is broken" error.
 #         proxy_pass              http://opendmp.backend:8080;
 #         proxy_read_timeout      90;
 #         proxy_redirect          http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
 #     }
 #     location /api/notification/ {
 #         proxy_set_header        Host $host;
 #         proxy_set_header        X-Real-IP $remote_addr;
 #         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 #         proxy_set_header        X-Forwarded-Proto $scheme;
 #         # Fix the “It appears that your reverse proxy set up is broken" error.
 #         proxy_pass              http://opendmp.notification:8080;
 #         proxy_read_timeout      90;
 #         proxy_redirect          http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
 #     }
 #     location /api/annotation/ {
 #         proxy_set_header        Host $host;
 #         proxy_set_header        X-Real-IP $remote_addr;
 #         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 #         proxy_set_header        X-Forwarded-Proto $scheme;
 #         # Fix the “It appears that your reverse proxy set up is broken" error.
 #         proxy_pass              http://opendmp.annotation:8080;
 #         proxy_read_timeout      90;
 #         proxy_redirect          http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
 #     }
 # }
 server {
-    listen 8081 ssl;
+    set $ms_host $MS_HOST;
-    ssl_certificate /certifcates/cert.crt;
+    set $ms_port $MS_PORT;
-    ssl_certificate_key /certifcates/key.key;
+    listen 8080;
-    server_name  ${APP_HOST}${APP_PORT};
+    server_name  ${MS_HOST}${MS_PORT};
    proxy_pass_header Server;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header Referrer-Policy 'strict-origin' always;
    add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
    add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
    location / {
-
+        return 301 https://$host$request_uri;
-        proxy_set_header        Host $host;
+    }    
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass              http://opendmp.frontend:8080;
        proxy_read_timeout      90;
        proxy_redirect          http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
    }
    location /api/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass              http://opendmp.backend:8080;
        proxy_read_timeout      90;
        proxy_redirect          http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
    }
    location /api/notification/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass              http://opendmp.notification:8080;
        proxy_read_timeout      90;
        proxy_redirect          http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
    }
    location /api/annotation/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass              http://opendmp.annotation:8080;
        proxy_read_timeout      90;
        proxy_redirect          http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
    }
 }
 server {
    set $ms_host $MS_HOST;
    set $ms_port $MS_PORT;
    listen 8082 ssl;
    ssl_certificate /certifcates/cert.crt;
    ssl_certificate_key /certifcates/key.key;
@ -111,23 +127,6 @@ server {
        proxy_redirect          http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
    }
    location /rabbitmq/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        X-Forwarded-Port   $server_port;
        proxy_set_header        X-Forwarded-Host   $host;
        proxy_set_header        X-Forwarded-Server $host;
        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass              https://opendmp.rabbitmq:15672;
        proxy_read_timeout      90;
        proxy_redirect          http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
    }
    location /elastic/ {
        proxy_set_header        Host $host;
--- a/deployment/rabbitmq/rabbitmq.conf
+++ b/deployment/rabbitmq/rabbitmq.conf
@ -0,0 +1,2 @@
 deprecated_features.permit.management_metrics_collection = false
 proxy_protocol = true
--- a/deployment/rabbitmq/rabbitmq.env
+++ b/deployment/rabbitmq/rabbitmq.env
@ -1,3 +1,3 @@
 RABBITMQ_DEFAULT_USER=guest
 RABBITMQ_DEFAULT_PASS=guest
-RABBITMQ_DEFAULT_VHOST=/rabbitmq/
+RABBITMQ_DEFAULT_VHOST=/
		`@ -0,0 +1,2 @@`
							`deprecated_features.permit.management_metrics_collection = false`
							`proxy_protocol = true`