Finalize deployment for keycloak, rabbitmq, and gotenberg
parent
52799fdd7d
commit
f1c1503b1c
|
@ -11,7 +11,7 @@ DOCX_APP_TAG=0.0.8
|
|||
JSON_APP_TAG=0.0.6
|
||||
ZENODO_APP_TAG=2.0.4
|
||||
POSTGRES_TAG=16-alpine
|
||||
ELK_VERSION=8.13.12
|
||||
ELK_VERSION=8.13.0
|
||||
KEYCLOAK_TAG=24.0.2
|
||||
RABBITMQ_TAG=3.13-management
|
||||
GOTENBERG_TAG=8.4.0
|
||||
|
|
|
@ -1,23 +1,24 @@
|
|||
services:
|
||||
############################## PROXY ########################################
|
||||
# opendmp.proxy:
|
||||
# user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||
# restart: unless-stopped
|
||||
# cpus: 1
|
||||
# mem_limit: 256m
|
||||
# ports:
|
||||
# - "${PROXY_APP_PORT}:8081"
|
||||
# - "${PROXY_MS_PORT}:8082"
|
||||
# env_file:
|
||||
# - proxy/proxy.env
|
||||
# volumes:
|
||||
# - proxy/nginx.conf:/etc/nginx/nginx.conf
|
||||
# - proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
|
||||
# - proxy/nginx-selfsigned.crt:/certifcates/cert.crt
|
||||
# - proxy/nginx-selfsigned.key:/certifcates/key.key
|
||||
# - logs/proxy:/tmp/logs
|
||||
# networks:
|
||||
# - opendmp-proxy-network
|
||||
opendmp.proxy:
|
||||
user: ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||
restart: unless-stopped
|
||||
cpus: 1
|
||||
mem_limit: 256m
|
||||
ports:
|
||||
- "${PROXY_APP_PORT}:8081"
|
||||
- "${PROXY_MS_PORT}:8082"
|
||||
env_file:
|
||||
- ./proxy/proxy.env
|
||||
volumes:
|
||||
# - ./proxy/template-variables:/etc/nginx/templates/10-variables.conf.template:ro
|
||||
- ./proxy/nginx.conf:/etc/nginx/nginx.conf
|
||||
- ./proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
|
||||
- ./proxy/nginx-selfsigned.crt:/certifcates/cert.crt
|
||||
- ./proxy/nginx-selfsigned.key:/certifcates/key.key
|
||||
- ./logs/proxy:/tmp/logs
|
||||
networks:
|
||||
- opendmp-proxy-network
|
||||
|
||||
############################## OPENDMP APP #################################
|
||||
# opendmp.backend:
|
||||
|
@ -171,11 +172,17 @@ services:
|
|||
# - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only
|
||||
- "${POSTGRES_PORT}:5432"
|
||||
env_file:
|
||||
- postgres/postgres.env
|
||||
- ./postgres/postgres.env
|
||||
volumes:
|
||||
- ./storage/postgres/data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- opendmp-postgres-shared-network
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "sh -c 'pg_isready -U opendmp-psql -d opendmp'"]
|
||||
interval: 15s
|
||||
timeout: 60s
|
||||
retries: 5
|
||||
|
||||
|
||||
################################# ELK #################################################
|
||||
# opendmp.elasticsearch:
|
||||
|
@ -188,18 +195,18 @@ services:
|
|||
# env_file:
|
||||
# - elk/config-elk/elasticsearch/elastic.env
|
||||
# environment:
|
||||
# - "ES_JAVA_OPTS=-Xmx512m -Xms512m"
|
||||
# - ES_JAVA_OPTS=-Xmx512m -Xms512m
|
||||
# ulimits:
|
||||
# nproc: 65535
|
||||
# memlock:
|
||||
# soft: -1
|
||||
# hard: -1
|
||||
# volumes:
|
||||
# - elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
|
||||
# - elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
|
||||
# - elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
|
||||
# - elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
|
||||
# - elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
|
||||
# - ./elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
|
||||
# - ./elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
|
||||
# - ./elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
|
||||
# - ./elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
|
||||
# - ./elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
|
||||
# expose:
|
||||
# - "9200"
|
||||
# - "9300"
|
||||
|
@ -225,9 +232,9 @@ services:
|
|||
# - xpack.license.self_generated.type=basic
|
||||
# - xpack.security.enabled=true
|
||||
# volumes:
|
||||
# - elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
|
||||
# - elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
|
||||
# - elk/config-elk/kibana/config:/usr/share/kibana/config:ro
|
||||
# - ./elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
|
||||
# - ./elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
|
||||
# - ./elk/config-elk/kibana/config:/usr/share/kibana/config:ro
|
||||
# expose:
|
||||
# - "5601"
|
||||
# networks:
|
||||
|
@ -240,6 +247,7 @@ services:
|
|||
opendmp.keycloak:
|
||||
restart: unless-stopped
|
||||
command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
|
||||
# command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log"]
|
||||
cpus: 1
|
||||
mem_limit: 1024M
|
||||
security_opt:
|
||||
|
@ -249,10 +257,10 @@ services:
|
|||
environment:
|
||||
- JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
|
||||
volumes:
|
||||
- logs/keycloak:/tmp/logs
|
||||
- keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
|
||||
- keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
|
||||
- keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
|
||||
- ./logs/keycloak:/tmp/logs
|
||||
- ./keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
|
||||
- ./keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
|
||||
- ./keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
|
||||
expose:
|
||||
- "8443"
|
||||
networks:
|
||||
|
@ -261,34 +269,34 @@ services:
|
|||
- opendmp-keycloak-shared-network
|
||||
|
||||
# ############################## RABBITMQ ###############################################
|
||||
# opendmp.rabbitmq:
|
||||
# labels:
|
||||
# NAME: "rabbitmq"
|
||||
# cpus: 1
|
||||
# mem_limit: 512m
|
||||
# restart: unless-stopped
|
||||
# expose:
|
||||
# - "15672"
|
||||
# - "5672"
|
||||
# env_file:
|
||||
# - rabbitmq/rabbitmq.env
|
||||
# # volumes:
|
||||
# # - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro
|
||||
# networks:
|
||||
# - opendmp-proxy-network
|
||||
# - opendmp-rabbitmq-shared-network
|
||||
opendmp.rabbitmq:
|
||||
labels:
|
||||
NAME: "rabbitmq"
|
||||
cpus: 1
|
||||
mem_limit: 512m
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "0.0.0.0:15672:15672"
|
||||
- "0.0.0.0:5672:5672"
|
||||
env_file:
|
||||
- rabbitmq/rabbitmq.env
|
||||
volumes:
|
||||
- /rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
|
||||
networks:
|
||||
- opendmp-proxy-network
|
||||
- opendmp-rabbitmq-shared-network
|
||||
|
||||
# ############################## GOTENBERG ##############################################
|
||||
# opendmp.gotenberg:
|
||||
# mem_limit: 2048m
|
||||
# restart: unless-stopped
|
||||
# expose:
|
||||
# - "3000"
|
||||
# hostname: gotenberg
|
||||
# env_file:
|
||||
# - gotenberg/gotenberg.env
|
||||
# networks:
|
||||
# - opendmp-gotenberg-shared-network
|
||||
opendmp.gotenberg:
|
||||
mem_limit: 2048m
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- "3000"
|
||||
hostname: gotenberg
|
||||
env_file:
|
||||
- gotenberg/gotenberg.env
|
||||
networks:
|
||||
- opendmp-gotenberg-shared-network
|
||||
|
||||
networks:
|
||||
opendmp-elastic-network:
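Review bot: In the `opendmp.rabbitmq` service, `ports:` with `"0.0.0.0:15672:15672"` and `"0.0.0.0:5672:5672"` publishes the management UI and AMQP on every host interface, where the commented-out definition only used `expose:`. The RabbitMQ env file in this commit still sets `RABBITMQ_DEFAULT_USER=guest` and `RABBITMQ_DEFAULT_PASS=guest`, so anything that can reach the host would be offered a well-known login. If only the other containers need the broker, keep `expose:`; if an operator needs the UI, bind it to loopback, `- "127.0.0.1:15672:15672"`. Separately, the volume source `/rabbitmq/rabbitmq.conf` is an absolute host path while every other mount in this file became `./…`; it probably should read `- ./rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro`, and `rabbitmq/rabbitmq.env` and `gotenberg/gotenberg.env` could take the same `./` prefix for consistency.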
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
services:
|
||||
############################## PROXY ########################################
|
||||
# opendmp.proxy:
|
||||
# container_name: opendmp.proxy
|
||||
# image: nginx:${PROXY_TAG}
|
||||
opendmp.proxy:
|
||||
container_name: opendmp.proxy
|
||||
image: nginx:${PROXY_TAG}
|
||||
depends_on:
|
||||
- opendmp.keycloak
|
||||
# - opendmp.kibana
|
||||
|
||||
# ############################## OPENDMP APP #################################
|
||||
|
||||
|
@ -67,9 +70,11 @@ services:
|
|||
# container_name: opendmp.elasticsearch
|
||||
# image: elasticsearch
|
||||
# build:
|
||||
# context: /elk/elasticsearch/
|
||||
# context: ./elk/elasticsearch/
|
||||
# args:
|
||||
# ELK_VERSION: $ELK_VERSION
|
||||
# DEPLOY_USER : $DEPLOY_USER
|
||||
# DEPLOY_GROUP : $DEPLOY_GROUP
|
||||
|
||||
# # opendmp.logstash:
|
||||
# # container_name: opendmp.logstash
|
||||
|
@ -85,9 +90,11 @@ services:
|
|||
# container_name: opendmp.kibana
|
||||
# image: kibana
|
||||
# build:
|
||||
# context: /elk/kibana/
|
||||
# context: ./elk/kibana/
|
||||
# args:
|
||||
# ELK_VERSION: $ELK_VERSION
|
||||
# DEPLOY_USER : $DEPLOY_USER
|
||||
# DEPLOY_GROUP : $DEPLOY_GROUP
|
||||
# depends_on:
|
||||
# - opendmp.elasticsearch
|
||||
|
||||
|
@ -105,13 +112,16 @@ services:
|
|||
opendmp.keycloak:
|
||||
container_name: opendmp.keycloak
|
||||
image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
|
||||
depends_on:
|
||||
opendmp.postgres:
|
||||
condition: service_healthy
|
||||
|
||||
# ############################## RABBITMQ ###############################################
|
||||
# opendmp.rabbitmq:
|
||||
# container_name: opendmp.rabbitmq
|
||||
# image: rabbitmq:${RABBITMQ_TAG}
|
||||
opendmp.rabbitmq:
|
||||
container_name: opendmp.rabbitmq
|
||||
image: rabbitmq:${RABBITMQ_TAG}
|
||||
|
||||
# ############################## GOTENBERG ##############################################
|
||||
# opendmp.gotenberg:
|
||||
# image: gotenberg/gotenberg:${GOTENBERG_TAG}
|
||||
# container_name: opendmp.gotenberg
|
||||
opendmp.gotenberg:
|
||||
image: gotenberg/gotenberg:${GOTENBERG_TAG}
|
||||
container_name: opendmp.gotenberg
|
||||
|
|
|
@ -1,18 +1,23 @@
|
|||
ARG ELK_VERSION
|
||||
ARG DEPLOY_USER
|
||||
|
||||
ARG DEPLOY_GROUP
|
||||
# https://github.com/elastic/elasticsearch-docker
|
||||
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
|
||||
|
||||
ARG DEPLOY_USER
|
||||
ARG DEPLOY_GROUP
|
||||
ENV DEPLOY_USER $DEPLOY_USER
|
||||
ENV DEPLOY_GROUP $DEPLOY_GROUP
|
||||
|
||||
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \
|
||||
/usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
|
||||
USER root
|
||||
RUN groupmod -g ${DEPLOY_USER} elasticsearch
|
||||
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch
|
||||
RUN groupmod -g ${DEPLOY_GROUP} elasticsearch
|
||||
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} elasticsearch
|
||||
RUN chown -R elasticsearch /usr/share/elasticsearch
|
||||
RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \
|
||||
-e 's/UID 1000/UID ${DEPLOY_USER}/' \
|
||||
-e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh
|
||||
RUN sed -i -e 's/--userspec=1000/--userspec=1000/g' \
|
||||
-e 's/UID 1000/UID 1000/' \
|
||||
-e 's/chown -R 1000/chown -R 1000/' /usr/local/bin/docker-entrypoint.sh
|
||||
RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
|
||||
|
||||
ENV JAVA_HOME /usr/share/elasticsearch/jdk
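Review bot: One of the two `sed` commands on `/usr/local/bin/docker-entrypoint.sh` replaces `1000` with `1000` and so changes nothing; the rendering does not mark which side is new, but if that is the version kept, the entrypoint still refers to UID 1000 while `usermod -u ${DEPLOY_USER}` and the `chown -R` have moved the elasticsearch account to the deploy UID. Either keep the substitution to the deploy UID or delete the no-op line, and leave a comment such as `# entrypoint must drop to the same UID that owns /usr/share/elasticsearch`. Note that `${DEPLOY_USER}` inside single quotes is written into the script literally and only resolves at container start through the `ENV DEPLOY_USER` line. The visible lines also leave `USER root` in effect; the file may continue outside the hunk, so confirm that a later line or the entrypoint drops privileges.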
|
|
@ -1,14 +1,21 @@
|
|||
ARG ELK_VERSION
|
||||
ARG DEPLOY_USER
|
||||
ARG DEPLOY_GROUP
|
||||
|
||||
# https://github.com/elastic/kibana-docker
|
||||
FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
|
||||
|
||||
ARG DEPLOY_USER
|
||||
ARG DEPLOY_GROUP
|
||||
ENV DEPLOY_USER $DEPLOY_USER
|
||||
ENV DEPLOY_GROUP $DEPLOY_GROUP
|
||||
|
||||
USER root
|
||||
RUN groupmod -g 1008 kibana
|
||||
RUN usermod -u 1008 -g 1008 kibana
|
||||
RUN groupmod -g ${DEPLOY_GROUP} kibana
|
||||
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} kibana
|
||||
RUN chown -R kibana /usr/share/kibana
|
||||
|
||||
USER 1008:1008
|
||||
USER ${DEPLOY_USER}:${DEPLOY_GROUP}
|
||||
|
||||
# Add your kibana plugins setup here
|
||||
# Example: RUN kibana-plugin install <name|url>
|
||||
|
|
|
@ -5,14 +5,15 @@ KC_DB_URL_HOST=opendmp.postgres
|
|||
KC_DB_SCHEMA=public
|
||||
KC_DB_URL_DATABASE=keycloak
|
||||
KC_DB_PORT=5432
|
||||
KC_DB_USERNAME=keycloak-admin
|
||||
KC_DB_PASSWORD=admin
|
||||
KC_DB_USERNAME=keycloak-psql
|
||||
KC_DB_PASSWORD=keycloak-admin
|
||||
|
||||
#Keycloak related configuration
|
||||
KEYCLOAK_ADMIN=opendmp-admin
|
||||
KEYCLOAK_ADMIN=keycloak-admin
|
||||
KEYCLOAK_ADMIN_PASSWORD=admin
|
||||
KC_HOSTNAME_URL=https://localhost:8082
|
||||
KC_HOSTNAME_ADMIN_URL=https://localhost:8082
|
||||
KC_HOSTNAME_URL=https://localhost:8082/keycloak
|
||||
KC_HOSTNAME_ADMIN_URL=https://localhost:8082/keycloak
|
||||
KC_HTTP_RELATIVE_PATH=/keycloak
|
||||
KC_PROXY_HEADERS=xforwarded
|
||||
KC_HOSTNAME_STRICT_HTTPS=true
|
||||
KC_HOSTNAME_STRICT_BACKCHANNEL=true
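Review bot: `KC_DB_PASSWORD=keycloak-admin` and `KEYCLOAK_ADMIN_PASSWORD=admin` keep working identity-provider credentials in a tracked env file, and both values can be guessed from the account names. The same applies to other sections of this commit: `POSTGRES_PASSWORD` in the Postgres env section, the two `CREATE USER … WITH PASSWORD` statements in the user-creation SQL, and `guest`/`guest` in the RabbitMQ env section. The compose file publishes Postgres with `"${POSTGRES_PORT}:5432"` and exposes Keycloak through the proxy, so these defaults are reachable beyond the container network. Consider committing only a template with placeholders, for example `KEYCLOAK_ADMIN_PASSWORD=<set-at-deploy>`, and loading real values from an untracked file or a secret store. A comment at the top of each file, `# sample values only, replace before any non-local deployment`, would at least make the intent explicit.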
|
||||
|
|
|
@ -3,7 +3,6 @@ ARG DEPLOY_USER
|
|||
ARG DEPLOY_GROUP
|
||||
FROM postgres:${POSTGRES_TAG}
|
||||
COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/
|
||||
COPY ./keycloak_init.sql /docker-entrypoint-initdb.d/
|
||||
COPY ./user_init.sql /docker-entrypoint-initdb.d/
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
EXPOSE 5432
|
||||
|
|
|
@ -1,12 +1,3 @@
|
|||
--
|
||||
-- PostgreSQL database dump
|
||||
--
|
||||
|
||||
-- Dumped from database version 16.2
|
||||
-- Dumped by pg_dump version 16.2
|
||||
|
||||
-- Started on 2024-04-25 13:31:48
|
||||
|
||||
SET statement_timeout = 0;
|
||||
SET lock_timeout = 0;
|
||||
SET idle_in_transaction_session_timeout = 0;
|
||||
|
@ -20,13 +11,13 @@ SET row_security = off;
|
|||
|
||||
--
|
||||
-- TOC entry 4132 (class 1262 OID 49907)
|
||||
-- Name: opendmp-test; Type: DATABASE; Schema: -; Owner: -
|
||||
-- Name: opendmp; Type: DATABASE; Schema: -; Owner: -
|
||||
--
|
||||
|
||||
CREATE DATABASE "opendmp-test" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
|
||||
CREATE DATABASE "opendmp" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8';
|
||||
|
||||
|
||||
\connect -reuse-previous=on "dbname='opendmp-test'"
|
||||
\connect -reuse-previous=on "dbname='opendmp'"
|
||||
|
||||
SET statement_timeout = 0;
|
||||
SET lock_timeout = 0;
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
#################### POSTGRES ########################
|
||||
POSTGRES_USER=postgres
|
||||
POSTGRES_PASSWORD=changeme
|
||||
PGDATA=/var/lib/postgresql/data/
|
||||
POSTGRES_PASSWORD=postgres-admin
|
|
@ -1,4 +1,4 @@
|
|||
CREATE USER keycloak_psql WITH PASSWORD 'keycloak-admin';
|
||||
ALTER DATABASE keycloak OWNER TO keycloak_psql;
|
||||
CREATE USER opendmp_psql WITH PASSWORD 'opendmp-admin';
|
||||
ALTER DATABASE "opendmp-test" OWNER TO opendmp_psql;
|
||||
CREATE USER "keycloak-psql" WITH PASSWORD 'keycloak-admin';
|
||||
CREATE DATABASE keycloak WITH OWNER "keycloak-psql";
|
||||
CREATE USER "opendmp-psql" WITH PASSWORD 'opendmp-admin';
|
||||
ALTER DATABASE "opendmp" OWNER TO "opendmp-psql";
|
|
@ -6,6 +6,8 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
set $app_host $APP_HOST;
|
||||
set $app_port $APP_PORT;
|
||||
listen 8080;
|
||||
server_name ${APP_HOST}${APP_PORT};
|
||||
location / {
|
||||
|
@ -13,74 +15,88 @@ server {
|
|||
}
|
||||
}
|
||||
|
||||
# server {
|
||||
# set $app_host $APP_HOST;
|
||||
# set $app_port $APP_PORT;
|
||||
# listen 8081 ssl;
|
||||
# ssl_certificate /certifcates/cert.crt;
|
||||
# ssl_certificate_key /certifcates/key.key;
|
||||
# server_name ${APP_HOST}${APP_PORT};
|
||||
# proxy_pass_header Server;
|
||||
|
||||
# add_header X-XSS-Protection "1; mode=block" always;
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
# add_header Referrer-Policy 'strict-origin' always;
|
||||
# add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
|
||||
# add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
|
||||
|
||||
# location / {
|
||||
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
# proxy_pass http://opendmp.frontend:8080;
|
||||
# proxy_read_timeout 90;
|
||||
# proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
|
||||
# }
|
||||
|
||||
# location /api/ {
|
||||
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
# proxy_pass http://opendmp.backend:8080;
|
||||
# proxy_read_timeout 90;
|
||||
# proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
|
||||
# }
|
||||
|
||||
# location /api/notification/ {
|
||||
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
# proxy_pass http://opendmp.notification:8080;
|
||||
# proxy_read_timeout 90;
|
||||
# proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
|
||||
# }
|
||||
|
||||
# location /api/annotation/ {
|
||||
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# # Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
# proxy_pass http://opendmp.annotation:8080;
|
||||
# proxy_read_timeout 90;
|
||||
# proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
|
||||
# }
|
||||
# }
|
||||
|
||||
server {
|
||||
listen 8081 ssl;
|
||||
ssl_certificate /certifcates/cert.crt;
|
||||
ssl_certificate_key /certifcates/key.key;
|
||||
server_name ${APP_HOST}${APP_PORT};
|
||||
proxy_pass_header Server;
|
||||
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
add_header Referrer-Policy 'strict-origin' always;
|
||||
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
|
||||
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
|
||||
|
||||
set $ms_host $MS_HOST;
|
||||
set $ms_port $MS_PORT;
|
||||
listen 8080;
|
||||
server_name ${MS_HOST}${MS_PORT};
|
||||
location / {
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
proxy_pass http://opendmp.frontend:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
proxy_pass http://opendmp.backend:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
|
||||
}
|
||||
|
||||
location /api/notification/ {
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
proxy_pass http://opendmp.notification:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
|
||||
}
|
||||
|
||||
location /api/annotation/ {
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
proxy_pass http://opendmp.annotation:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
set $ms_host $MS_HOST;
|
||||
set $ms_port $MS_PORT;
|
||||
listen 8082 ssl;
|
||||
ssl_certificate /certifcates/cert.crt;
|
||||
ssl_certificate_key /certifcates/key.key;
|
||||
|
@ -111,23 +127,6 @@ server {
|
|||
proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
|
||||
}
|
||||
|
||||
location /rabbitmq/ {
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
|
||||
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||
proxy_pass https://opendmp.rabbitmq:15672;
|
||||
proxy_read_timeout 90;
|
||||
|
||||
proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
|
||||
}
|
||||
|
||||
location /elastic/ {
|
||||
|
||||
proxy_set_header Host $host;
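Review bot: The plain-HTTP redirect `return 301 https://$host$request_uri;` builds its target from the request's Host header and drops the port, so the redirect follows whatever host the client sent and points at 443 rather than the published TLS port. The `proxy_redirect` lines in this file already use the configured name, and the redirect could do the same, for example `return 301 https://${APP_HOST}${APP_PORT}$request_uri;` with whichever host and port variables belong to that server block. In the newly enabled `listen 8081 ssl` server, `add_header X-Content-Type-Options nosniff;` and the `Strict-Transport-Security` header lack `always`, unlike their neighbours, so nginx omits them on error responses. `proxy_pass_header Server;` also forwards the upstream server banner to clients. The rendering interleaves old and new lines in this hunk, so the block that holds the `return` should be confirmed against the file.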
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
deprecated_features.permit.management_metrics_collection = false
|
||||
proxy_protocol = true
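Review bot: `proxy_protocol = true` makes the broker expect a PROXY protocol header on its AMQP listeners, but the compose change in this commit publishes 5672 directly (`"0.0.0.0:5672:5672"`) and no PROXY-protocol-aware balancer in front of it is visible on this page. Clients that connect directly without sending the header will presumably be rejected, and where a header is accepted the broker records whatever client address the sender claims. Enable the setting only if every path to 5672 goes through such a balancer, and say so next to it, `# requires a PROXY-protocol-aware load balancer in front of 5672`. The compose mount for this file also uses the host path `/rabbitmq/rabbitmq.conf`, so confirm that this file is the one actually loaded.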
|
|
@ -1,3 +1,3 @@
|
|||
RABBITMQ_DEFAULT_USER=guest
|
||||
RABBITMQ_DEFAULT_PASS=guest
|
||||
RABBITMQ_DEFAULT_VHOST=/rabbitmq/
|
||||
RABBITMQ_DEFAULT_VHOST=/
|