init microservice deployment commit

.env

@@ -1,5 +0,0 @@
-PROFILE=docker
-
-# Version of Elastic products
-ELK_VERSION=7.17.4
-STACK_VERSION=7.17.4

Jenkinsfile

@@ -1,66 +0,0 @@
-def pipelineContext = [:]
-
-pipeline {
-	agent any
- 
-    options {
-        skipDefaultCheckout(true)
-    }
-
-    stages {
-		stage('Checkout') {
-			steps {
-				checkout scm
-			}
-		}
-        stage('Build API') {
-            steps {
-				script {
-					pipelineContext.apiImage = docker.build("open-dmp-api:${env.BUILD_ID}", "-f dmp-backend/Dockerfile.CI dmp-backend/")
-				}
-            }
-        }
-		stage('Build WebApp') {
-            steps {
-				script {
-					pipelineContext.webappImage = docker.build("open-dmp-webapp:${env.BUILD_ID}", "-f dmp-frontend/Dockerfile.CI dmp-frontend/")
-				}
-            }
-        }
-		//stage('SonarQube analysis') {
-		//	steps {
-		//		 script {
-		//			def scannerHome = tool 'SonarQube Scanner 4.3';
-		//			withSonarQubeEnv('SonarQube') { // If you have configured more than one global server connection, you can specify its name
-		//				sh "${scannerHome}/bin/sonar-scanner"
-		//			}
-		//		}
-		//	}
-		//}
-		//// waiting for sonar results based into the configured web hook in Sonar server which push the status back to jenkins
-        //stage('SonarQube scan result check') {
-        //    steps {
-        //        timeout(time: 2, unit: 'MINUTES') {
-        //            retry(3) {
-        //                script {
-        //                    def qg = waitForQualityGate()
-        //                    if (qg.status != 'OK') {
-        //                        error "Pipeline aborted due to quality gate failure: ${qg.status}"
-        //                    }
-        //                }
-        //            }
-        //        }
-        //    }
-        //}
-		stage('Pushing to Docker Registry') {
-            steps {
-				script {
-					docker.withRegistry('http://drepo.local.cite.gr', 'b2c651c1-9a3b-4a98-a6da-e1dd7a20f512') {
-						pipelineContext.apiImage.push()
-						pipelineContext.webappImage.push()
-					}
-				}
-            }
-        }
-    }
-}

deployment/.env

@@ -0,0 +1,26 @@
+###################### GENERAL #########################
+#User that is used to deploy the containers
+DEPLOY_USER=root
+
+#version selections
+PROXY_TAG=mainline-alpine
+MAIN_APP_TAG=2.1.3
+NOTIFICATION_APP_TAG=2.1.3
+ANNOTATION_APP_TAG=2.1.3
+DOCX_APP_TAG=0.0.8
+JSON_APP_TAG=0.0.6
+ZENODO_APP_TAG=2.0.4
+ELK_VERSION=8.13.12
+KEYCLOAK_TAG=24.0.2
+GOTENBERG_TAG=8.4.0
+POSTGRES_TAG=16-alpine
+
+#Application configuration
+DOCKER_REGISTRY=crepo.cite.gr/
+PROFILE=staging
+
+#port speficiations
+SERVER_PORT=8080
+PROXY_APP_PORT=8081
+PROXY_MS_PORT=8082
+POSTGRES_PORT=5432

deployment/docker-compose.override.yml

@@ -0,0 +1,314 @@
+version: "2.4"
+
+services:
+############################## PROXY ########################################
+  opendmp.proxy:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    restart: unless-stopped
+    cpus: 1
+    mem_limit: 256m
+    ports:
+      - "${PROXY_APP_PORT}:8081"
+      - "${PROXY_MS_PORT}:8082"
+    env_file:
+      - /proxy/proxy.env
+    volumes:
+      - /proxy/nginx.conf:/etc/nginx/nginx.conf
+      - /proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
+      - /proxy/nginx-selfsigned.crt:/certifcates/cert.crt
+      - /proxy/nginx-selfsigned.key:/certifcates/key.key
+      - /logs/proxy:/tmp/logs
+    networks:
+      - opendmp-proxy-network
+
+############################## OPENDMP APP #################################
+  opendmp.backend:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    restart: unless-stopped
+    cpus: 1
+    mem_limit: 2048m
+    environment:
+      - PROFILE=${PROFILE}
+    ports:
+      - "8080"
+    volumes:
+      - /opendmp/backend/config:/config
+      - /opendmp/backend/certificates:/certificates
+      - /opendmp/backend/i18n:/i18n
+      - /opendmp/backend/material:/material
+      - /opendmp/backend/Semantics.json:/Semantics.json
+      - /storage/backend:/storage
+      - /logs/backend:/logs
+    networks:
+      - opendmp-proxy-network
+      - opendmp-backend-network
+      - opendmp-plugins-network
+      - opendmp-gotenberg-shared-network
+      - opendmp-elastic-shared-network
+      - opendmp-keycloak-shared-network
+      - opendmp-postgres-shared-network
+      - opendmp-rabbitmq-shared-network
+
+  opendmp.frontend:
+    restart: unless-stopped
+    cpus: 1
+    mem_limit: 2048m
+    ports:
+      - "8080"
+    volumes:
+      - /opendmp/webapp/config.json:/usr/share/nginx/html/assets/config/config.json
+      - /opendmp/webapp/nginx.conf:/etc/nginx/nginx.conf
+      - /opendmp/webapp/WebAppNginx.conf:/etc/nginx/conf.d/default.conf
+    networks:
+      - opendmp-proxy-network
+
+  opendmp.notification:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    cpus: 1
+    mem_limit: 1024m
+    restart: unless-stopped
+    ports:
+      - "8080"
+    environment:
+      - PROFILE=${PROFILE}
+    volumes:
+      - /opendmp/notification-api/config:/config
+      - /opendmp/notification-api/messages:/messages
+      - /opendmp/notification-api/notification_templates:/notification_templates
+      - /logs/notification-api:/logs
+    networks:
+      - opendmp-proxy-network
+      - opendmp-backend-network
+      - opendmp-plugins-network
+      - opendmp-rabbitmq-shared-network
+      - opendmp-keycloak-shared-network 
+      - opendmp-postgres-shared-network
+
+  opendmp.annotation:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    cpus: 1
+    mem_limit: 1024m
+    restart: unless-stopped
+    ports:
+      - "8080"
+    environment:
+      - PROFILE=${PROFILE}
+    volumes:
+      - /opendmp/annotation-api/config:/config
+      - /opendmp/annotation-api/messages:/messages
+      - /logs/annotation-api:/logs
+    networks:
+      - opendmp-proxy-network
+      - opendmp-backend-network
+      - opendmp-plugins-network
+      - opendmp-rabbitmq-shared-network
+      - opendmp-keycloak-shared-network
+      - opendmp-postgres-shared-network
+
+############################## FILE-TRANSFORMER #################################
+
+  opendmp.file.transformer.docx:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    restart: unless-stopped
+    cpus: 1
+    mem_limit: 1024m
+    expose:
+      - "8080"
+    environment:
+      - SERVER_PORT=${SERVER_PORT}
+      - PROFILE=${PROFILE}
+    volumes:
+      - /opendmp/file-transformer-docx/config:/config
+      - /logs/file-transformer-docx:/logs
+      - /storage/file-transformer-docx:/storage
+    networks:
+      - opendmp-backend-network
+      - opendmp-plugins-network
+      - opendmp-gotenberg-shared-network
+  
+  opendmp.file.transformer.rdajson:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    restart: unless-stopped
+    cpus: 1
+    mem_limit: 1024m
+    expose:
+      - "8080"
+    environment:
+      - SERVER_PORT=${SERVER_PORT}
+      - PROFILE=${PROFILE}
+    volumes:
+      - /opendmp/file-transformer-rda-json/config:/config
+      - /opendmp/file-transformer-rda-json/internal:/internal
+      - /logs/file-transformer-rda-json:/logs
+      - /storage/file-transformer-rda-json:/storage
+    networks:
+      - opendmp-backend-network
+      - opendmp-plugins-network
+
+############################## ZENODO #######################################
+  # opendmp.zenodo:
+  #   user: ${DEPLOY_USER}:${DEPLOY_USER}
+  #   restart: unless-stopped
+  #   cpus: 1
+  #   mem_limit: 1024m
+  #   expose:
+  #     - "8080"
+  #   environment:
+  #     - PROFILE=${PROFILE}
+  #   volumes:
+  #     - /opendmp/zenodo/config:/config
+  #     - /opendmp/zenodo/zenodo.jpg:/zenodo.jpg
+  #     - /logs/zenodo:/logs
+  #   networks:
+  #     - opendmp-plugins-network
+  #     - opendmp-keycloak-shared-network
+
+############################## POSTGRES 16 #################################
+
+  opendmp.postgres:
+      user: ${DEPLOY_USER}:${DEPLOY_USER}
+      restart: unless-stopped
+      mem_limit: 2048M
+      ports:
+        # - "127.0.0.1:${POSTGRES_PORT}:5432"
+        - "${POSTGRES_PORT}:5432"
+      env_file:
+      - postgres/postgres.env
+      volumes:
+        - /postgres/opendmp_init.sql:/docker-entrypoint-initdb.d/opendmp_init.sql
+        - /postgres/keycloak_init.sql:/docker-entrypoint-initdb.d/keycloak_init.sql
+        - /storage/postgres/data:/var/lib/postgresql/data
+      networks:
+        - opendmp-keycloak-shared-network
+
+################################# ELK #################################################
+  opendmp.elasticsearch:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    group_add:
+      - 0
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 1024m
+    env_file:
+      - /elk/config-elk/elasticsearch/elastic.env
+    environment:
+      - "ES_JAVA_OPTS=-Xmx512m -Xms512m"
+    ulimits:
+      nproc: 65535
+      memlock:
+        soft: -1
+        hard: -1
+    volumes:
+    - /elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
+    - /elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
+    - /elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
+    - /elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
+    - /elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
+    expose:
+      - "9200"
+      - "9300"
+    networks:
+      - opendmp-elastic-network
+      - opendmp-elastic-shared-network
+    healthcheck:
+      test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
+      interval: 30s
+      timeout: 10s
+      retries: 5
+
+  # opendmp.logstash:
+  #   volumes:
+  #     - /elk/data-elk/logstash-log:/usr/share/logstash/logs
+
+  opendmp.kibana:
+    user: ${DEPLOY_USER}:${DEPLOY_USER}
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 1024m
+    environment:
+      - xpack.license.self_generated.type=basic
+      - xpack.security.enabled=true
+    volumes:
+      - /elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
+      - /elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
+      - /elk/config-elk/kibana/config:/usr/share/kibana/config:ro
+    expose:
+      - "5601"
+    networks:
+      - opendmp-elastic-network
+
+  # opendmp.filebeat:
+  
+
+############################## KEYCLOAK ###############################################
+  opendmp.keycloak:
+    restart: unless-stopped
+    command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
+    cpus: 1
+    mem_limit: 1024M
+    security_opt:
+       - seccomp:unconfined
+    env_file:
+      - /keycloak/keycloak.env
+    environment:
+      - JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
+    volumes:
+      - /logs/keycloak:/tmp/logs
+      - /keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
+      - /keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
+      - /keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
+    expose:
+      - "8443"
+    networks:
+      - opendmp-proxy-network
+      - opendmp-keycloak-shared-network
+
+############################## RABBITMQ ###############################################
+  opendmp.rabbitmq:
+    labels:
+      NAME: "rabbitmq"
+    cpus: 1
+    mem_limit: 512m
+    restart: unless-stopped
+    expose:
+      - "15672"
+      - "5672"
+    env_file:
+      - /rabbitmq/rabbitmq.env
+#    volumes:
+#      - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro
+    networks:
+      - opendmp-proxy-network
+      - opendmp-rabbitmq-shared-network
+
+############################## GOTENBERG ##############################################
+  opendmo.gotenberg:
+    mem_limit: 2048m
+    restart: unless-stopped
+    expose:
+     - "3000"
+    hostname: gotenberg
+    env_file:
+      - /gotenberg/gotenberg.env
+    networks:
+      - opendmp-gotenberg-shared-network
+
+networks:
+  opendmp-proxy-network:
+  opendmp-backend-network:
+  opendmp-plugins-network:
+  opendmp-keycloak-shared-network:
+    external:
+      name: opendmp-keycloak-shared-network
+  opendmp-gotenberg-shared-network:
+    external:
+      name: opendmp-gotenberg-shared-network
+  opendmp-rabbitmq-shared-network:
+    external:
+      name: opendmp-rabbitmq-shared-network
+  opendmp-elastic-shared-network:
+    external:
+      name: opendmp-elastic-shared-network
+  opendmp-postgres-shared-network:
+    external:
+      name: opendmp-postgres-shared-network

deployment/docker-compose.yml

@@ -0,0 +1,115 @@
+version: "2.4"
+
+services:
+############################## PROXY ########################################
+  opendmp.proxy:
+      container_name: opendmp.proxy
+      image: nginx:${PROXY_TAG}
+
+############################## OPENDMP APP #################################
+
+  opendmp.frontend:
+    container_name: opendmp.frontend
+    image: ${DOCKER_REGISTRY}open-dmp-webapp:${MAIN_APP_TAG}
+    depends_on:
+      - opendmp.backend
+      - opendmp.notification
+      - opendmp.annotation
+
+  opendmp.backend:
+    container_name: opendmp.backend
+    image: ${DOCKER_REGISTRY}open-dmp-api:${MAIN_APP_TAG}
+    depends_on:
+      - opendmp.postgres
+
+  opendmp.notification:
+    container_name: opendmp.notification
+    image: ${DOCKER_REGISTRY}open-dmp-notification-api:${NOTIFICATION_APP_TAG}
+    depends_on:
+      - opendmp.postgres
+
+  opendmp.annotation:
+    container_name: opendmp.annotation
+    image: ${DOCKER_REGISTRY}open-dmp-annotation-api:${ANNOTATION_APP_TAG}
+    depends_on:
+      - opendmp.postgres
+
+############################## FILE-TRANSFORMERS #######################################
+
+  opendmp.file.transformer.docx:
+    container_name: opendmp.file.transformer.docx
+    image: ${DOCKER_REGISTRY}file-transformation-docx-api:${DOCX_APP_TAG}
+    depends_on:
+      - opendmp.backend
+
+  opendmp.file.transformer.rdajson:
+    container_name: opendmp.file.transformer.rdajson
+    image: ${DOCKER_REGISTRY}file-transformation-rda-json-api:${JSON_APP_TAG}
+    depends_on:
+      - opendmp.backend
+
+################################ ZENODO ###############################################
+  # opendmp.zenodo:
+  #   container_name: opendmp.zenodo
+  #   image: ${DOCKER_REGISTRY}repository-deposit-zenodo:${ZENODO_APP_TAG}
+  #   depends_on:
+  #     - opendmp.backend
+
+############################## POSTGRES 16 ############################################
+  opendmp.postgres:
+    container_name: opendmp.postgres
+    image: postgres:${POSTGRES_TAG}
+
+################################# ELK #################################################
+  opendmp.elasticsearch:
+    container_name: opendmp.elasticsearch
+    image: elasticsearch
+    build:
+      context: /elk/elasticsearch/
+      args:
+        ELK_VERSION: $ELK_VERSION
+
+  # opendmp.logstash:
+  #    container_name: opendmp.logstash
+  #    image: logstash
+  #    build:
+  #     context: /elk/logstash/
+  #     args:
+  #       ELK_VERSION: $ELK_VERSION
+  #    depends_on:
+  #      - opendmp.elasticsearch
+
+  opendmp.kibana:
+    container_name: opendmp.kibana
+    image: kibana
+    build:
+      context: /elk/kibana/
+      args:
+        ELK_VERSION: $ELK_VERSION
+    depends_on:
+      - opendmp.elasticsearch
+
+  # opendmp.filebeat:
+  #   container_name: opendmp.filebeat
+  #   image: filebeat
+  #   build:
+  #     context: /elk/filebeat/
+  #     args:
+  #       ELK_VERSION: $ELK_VERSION
+  #   depends_on:
+  #      - opendmp.logstash
+
+############################## KEYCLOAK ###############################################
+  opendmp.keycloak:
+    container_name: opendmp.keycloak
+    image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
+
+############################## RABBITMQ ###############################################
+  opendmp.rabbitmq:
+    container_name: opendmp.rabbitmq
+    image: rabbitmq:${RABBITMQ_TAG}
+
+############################## GOTENBERG ##############################################
+  opendmp.gotenberg:
+    image: gotenberg/gotenberg:${GOTENBERG_TAG}
+    container_name: opendmp.gotenberg

deployment/elk/config-elk/elasticsearch/certificates/ca/ca-key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC3Ijv7bT86kta/
+1wx0nMbtZvXF5Hfmt1n3087NcOi/JdjnSmF7JfTCXjzKQtOKrv2tLGkaXfrzerL+
+yPBKuffTMk80vHSixmrH71IX0DriKNxnW6RNg1j3R3igVVsGTNdUbI26dc3RZpKR
+gb7u/HqR1GTLD6EfrcL655aitCmywvyzLQ/x1BWZ3WjaMONT1DdU7I1GXhqv96be
+Sbi2dQUdogNFGhiK9WwFrKJpeSERlOl6jPBqoYRZjBlgJ/DlmWhvlKwj91ilYeOd
+ifsB9e7F9lwUbADsSGTOKKqBIX29ZcFkXwJshtm6CIQXWnvz+jl46mu5ScEU+iwr
+mvILVUIJAgMBAAECggEAEgO3WEp9FYczwj/GfSMd62T9KLgKdmLTYg5PEcT5VDJG
+JaxarflEHCmWe8P6mLIRiKstdJdJlBFeEbOU9ZjZEMiqY3LlW0y+3MeFMQv9+tjP
+o4gvf6N7ySlZ65Wx5EsDRI4AHBcyBZb8NH2JmWszKGy29IWnUR0v6KwG1J752hhq
+vTO9aMaz3MTstKTal0cDJRaTjPctzXVSyJSTeClNpl8mFDYbCUR/PPklZbAx9CyY
+K6orDCUBGOH2wK85+l9uFaUWOcupKBhg99MKZTpX/6tIgqbCuBfN8FBk0LztJ/Uo
+SZAHf5QIt6eTmcBtarlbsTV0TeJj5llVUGynHTBvQQKBgQC+ZTbTkbfHIgbVqDeU
+YkBiKul4M8xzIOsogNtZVevL7R2KSco1TUmcY7SDq8flshtZJb6utXUXCUprNsZl
+OOM7QpXxfnYKTjv39NTM4eCCzvMcDpBRmBQmQkka+2NbAxMTy91T709EAiqgia+m
+tszU93IGIle9abv9Fo1giw/lqQKBgQD2PHhwtmVT3B/H/ywtadCmyfHm+kHi8IWR
+y//EvLjDgI+SzwIgM2ABLAkKqg1VXkgZ741AxaQkkcP+NgJ2saY0cJCKBr/SPyRe
+jTfbWWfH89Mf3EVl2fxkG3YL1EJu+boup3l9L1rGpK9japAIMNOXh8S4A5WCOZLr
+Hk6FuTF1YQKBgEr8K9qpcjrQMObm6HTdOUQwaGD57ZSOK295SGpnx4U6Lr8vDp9t
+gAdC0W5mMkVJnzG+BtpiBup6sz+EhCCLhhrpv4or5ytp4n5mg4TplPWPsfmj1rz7
+6zuiMY6Z4WiPzmymhtWu04YSYF13vKEpL4TUq6i0z99+jBZCUo3qVul5AoGAcYNG
+8o7i/1nGvOgBcZ4KNhl6jsRngzrmGGQ2sHdfpaCqjz8m97k3VNL8CBKEuwoPqwUn
+1OhH1yPrelFjqVwUBrCtsTOTUlURaxUm3tPEaAUbGuDsjRuEopGWRbXAOnCdR8yk
+0PT3oANjZy1E4MHBiWVpZnsgfTwVYpZCFJtfFYECgYBkyF06DC0DhZZ0AEZpJHxf
+xbP/1gq7KlBzR6WSSRzPxX/3VOdBuGs7qYP1orDEF9wG/0Jk35Ek+PcT97j6s0gE
+a4Zd8iYpSdgd36L+5uBxgRsavr/Xf4lQECRTQYfKUVhKhhCT1xjOUAAr52Vl+8V/
+5sIcUBUzbXDpZvyR/67pxQ==
+-----END PRIVATE KEY-----

deployment/elk/config-elk/elasticsearch/certificates/ca/ca.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAlmgAwIBAgIUE5s/YTgomqob7mc88HmQUn/sHkswDQYJKoZIhvcNAQEL
+BQAwRzELMAkGA1UEBhMCR1IxDTALBgNVBAgMBENJVEUxDDAKBgNVBAcMA0FUSDEN
+MAsGA1UECgwEQ0lURTEMMAoGA1UEAwwDZWxrMCAXDTIyMDkwODA3Mzg0NFoYDzIx
+MjIwODE1MDczODQ0WjBHMQswCQYDVQQGEwJHUjENMAsGA1UECAwEQ0lURTEMMAoG
+A1UEBwwDQVRIMQ0wCwYDVQQKDARDSVRFMQwwCgYDVQQDDANlbGswggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Ijv7bT86kta/1wx0nMbtZvXF5Hfmt1n3
+087NcOi/JdjnSmF7JfTCXjzKQtOKrv2tLGkaXfrzerL+yPBKuffTMk80vHSixmrH
+71IX0DriKNxnW6RNg1j3R3igVVsGTNdUbI26dc3RZpKRgb7u/HqR1GTLD6EfrcL6
+55aitCmywvyzLQ/x1BWZ3WjaMONT1DdU7I1GXhqv96beSbi2dQUdogNFGhiK9WwF
+rKJpeSERlOl6jPBqoYRZjBlgJ/DlmWhvlKwj91ilYeOdifsB9e7F9lwUbADsSGTO
+KKqBIX29ZcFkXwJshtm6CIQXWnvz+jl46mu5ScEU+iwrmvILVUIJAgMBAAGjUzBR
+MB0GA1UdDgQWBBQSAI1g3+gAsT5BHVfaWPlNFy9IgjAfBgNVHSMEGDAWgBQSAI1g
+3+gAsT5BHVfaWPlNFy9IgjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQCmR4cz47QtGX1xn2Rrl1NdLX2wiS2y7P4xRGzKeAYZIHLZWW/GaJDb+yw9
+Cz9qjhuBhGqfIeh8QryRgPotd64Oef0MscC+oFfprWxQA0svP83sITr9BazGb4A4
+LcIToVHZtIMnak119k1RsNYpzADDBxnaaODs3xCe21dfCVI/ea+wSPiUY3vvZZDn
+KejJclhRnQFV3yQ7hMdR9tq0BndWtqHrappa3oX2JU1yi/x3Ndi6dOMk+x7+kc4Q
+OAtzcXa29kowAyLUMHhGYwcsJp8ysa6Xlltqt/kkI+3CgbTl/egUU9igysMKDyMM
+0LQcef+IQwmeHfD1RAW2ksW2OOx5
+-----END CERTIFICATE-----

deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAkSgAwIBAgIUK8FEbNAIdyPoRF/pTyqNuL3kP54wDQYJKoZIhvcNAQEL
+BQAwRzELMAkGA1UEBhMCR1IxDTALBgNVBAgMBENJVEUxDDAKBgNVBAcMA0FUSDEN
+MAsGA1UECgwEQ0lURTEMMAoGA1UEAwwDZWxrMCAXDTIyMDkwODA4MjgxM1oYDzIx
+MjIwODE1MDgyODEzWjAYMRYwFAYDVQQDDA1lbGFzdGljc2VhcmNoMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC6DoPC1kesTH0cKs1blVW8ddsQ3VmFO
+ROJiUorhDIHB3sXJhCSw0hxZFNZtqgG35CTa5w3XiQMT1fr6Ar/ztOQmARg9CMQa
+mOf8gR+tMTSwP7zr7WBR/1Q+GseeOnthFOfvfq7LLpRs8VNb/mhcSIjJsT9kMNXN
+5iHIyEuGhQSwPZDUYx+6Ag4belQLvic+QYDhwvujtPFWj8qLSG7kTpbBK5ahH/5E
+mvT5mpOYTR10f3LG4DKw7t6qG9tzh4WkwR0JYmlgxpAA/HBSa/QjS7CGxLrA4Sop
+gQF8KQPEP/0w98EbYpBUPS5jqbkBr6093M7Epksi86oRjtbcXAT0qwIDAQABo20w
+azApBgNVHREEIjAggg1lbGFzdGljc2VhcmNogglsb2NhbGhvc3SHBH8AAAEwHQYD
+VR0OBBYEFC/cKMOAVbx8bwyoKdg2Oiej9xoSMB8GA1UdIwQYMBaAFBIAjWDf6ACx
+PkEdV9pY+U0XL0iCMA0GCSqGSIb3DQEBCwUAA4IBAQBo42FOuxIMeIiMaKa347gc
+WsHpkazYOA6iHK5xXPsVUU1xSCLKp5HLCC04FU5P9njCDyZo1e/SR6rirQJJHEtT
+SAn7iabREE+vy0oN3JnyV+eJPmKWxlqeFr9Cs9uIXQbgjwyyj9rxT06eLr3M1MA1
+IsARV2eyxcgS5sCC8JBCEpKR4jLRrpAs0tGJOeIh1cmf/1id+NQaDa14sLFKHBH1
+3+6TfBPrhJoGqFz92jV2airr7dppyCXgmWymVc66iD00Nak6Bvchg6ARTkqJnfoZ
+2/Tz7asHV2V052ZLiow7Si34nS/9Hp8F8vUaj+FYXowvGwQUXLQIg/53KXh7piuW
+-----END CERTIFICATE-----

deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/elasticsearch.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgLoOg8LWR6xMf
+RwqzVuVVbx12xDdWYU5E4mJSiuEMgcHexcmEJLDSHFkU1m2qAbfkJNrnDdeJAxPV
++voCv/O05CYBGD0IxBqY5/yBH60xNLA/vOvtYFH/VD4ax546e2EU5+9+rssulGzx
+U1v+aFxIiMmxP2Qw1c3mIcjIS4aFBLA9kNRjH7oCDht6VAu+Jz5BgOHC+6O08VaP
+yotIbuROlsErlqEf/kSa9Pmak5hNHXR/csbgMrDu3qob23OHhaTBHQliaWDGkAD8
+cFJr9CNLsIbEusDhKimBAXwpA8Q//TD3wRtikFQ9LmOpuQGvrT3czsSmSyLzqhGO
+1txcBPSrAgMBAAECggEAJdOmMPj3H9zgGKhJrh1Mrha94gCnQsZa2eiOKIj0aWQx
+GL8jfgm+Gfgoz0NuBVI/j2hmq1648fmgkw0gQkr7LdIc6XBEZZAN6eMK3aFR4Idd
+QcgG/PkclAvcWK2gP5ZIUEwPYh68C6VwbrLtTBBwDo8C9lEOg3vSElETHb28KCgZ
+sC0wLres01crLF0Azh+m3cx+p/6TBLfpBIrM0HQn1Lmn/dP6BKcRDoncE+GcKjE1
+JZcgypdC4Juq2WctMNbBvgt+7AjVB1n9ejrUN5rlK+JP3Xa7D4zvc79CDX+BP2C2
+X57ZT4Pff5mPF70zrlqGQNnBep09UxZTRnHDRMWzZQKBgQDfMT+G+x49TZYuaiQC
+gKguQ0k8F6nnrmz0rz2MNJiZ9oTYAtz5wRQ25KkbqTc7beKecSykp5izoluzgSJu
+dTFh11SO1i63kMzpFFyBui3rSoUjAq+sMzRY5ERyUsG90tsaAl2a9PT3M9b5a0XC
+8f1cDhKt+JQtaYRiZZJsC4Ru1wKBgQC3uirv92/dq1RcuWBf/yt2n6/JY9+9k1NI
+vDzQtVI0Q3OZfRX9Rn9/+h3fSXTG3w7p5FqfNguHYPbLNzO+6WxxeuDveAL3Nx4/
+HSURjbiK+ppYDwyeY4IgKgeq2mRrIZC4rSqEsrJMLnNiDRYaVTWZczqGLT5oZ5cT
+lBLDD6+STQKBgDhi68bBOIGKUW/GdvR+5n5Rl3XsEIusoHAsuaLrQsZa5nLgPk2G
+vwGjQSnw1ThZaZBXzUyH3uc7FGnELRu01dX/Hai8aa8MkQgtkbVggOtZt0sCCbm6
+cfYnLTeourOnSp1GjblxO1YcranztPssQbL5BzUWgPD8IGrveE99lWafAoGAG6q4
+PoynVt0vBguQXMRjOijP4ubcUYL2/rQCAHfdmisyJEH25r4QAyiaCP7Zy/zZFRWj
+I+iSkd9jKrT0YOJrxyb26njLEYlGT8DGzT7nNF6KkYoqn0ti1A8gOnVKu+tBDN5e
+0b7LJLe1/mT0GCEOwj3c6Um05Sn8USFyNdeN290CgYBSdmwqJYUGJXVGTCn2Ff4Z
+jdFtN/Q9kFDhCCYVV1XAJ5mdX4k77HIw5EAlDXM0EZnhQAec+RSKIO7Oc+9krmFq
+R1lCT/s7UDsitQBDmkQs+12PEILuk+Qbdan+CwTLwCik06vj+VzZhHylFoOMJLdm
+lf4Bnd2TNNykAsd2jy5cAg==
+-----END PRIVATE KEY-----

deployment/elk/config-elk/elasticsearch/certificates/elasticsearch/v3.ext

@@ -0,0 +1,12 @@
+[ req ]
+default_bits       = 2048
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+[ req_distinguished_name ]
+commonName                 = elasticsearch
+[ req_ext ]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = elasticsearch
+DNS.2 = localhost
+IP.1 = 127.0.0.1

deployment/elk/config-elk/elasticsearch/config/elasticsearch.yml

@@ -0,0 +1,19 @@
+---
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://github.com/elastic/elasticsearch-docker/blob/master/build/elasticsearch/elasticsearch.yml
+#
+network.host: 0.0.0.0
+
+# minimum_master_nodes need to be explicitly set when bound on a public IP
+# set to 1 to allow single node clusters
+# Details: https://github.com/elastic/elasticsearch/pull/17288
+# discovery.zen.minimum_master_nodes: 1
+
+## Use single node discovery in order to disable production mode and avoid bootstrap checks
+## see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
+#
+discovery.type: single-node
+## Search Guard
+#
+
+

deployment/elk/config-elk/elasticsearch/config/log4j2.properties

@@ -0,0 +1,179 @@
+#https://github.com/elastic/elasticsearch/blob/7.4/distribution/src/config/log4j2.properties
+
+status = error
+
+# log action execution errors for easier debugging
+logger.action.name = org.elasticsearch.action
+logger.action.level = debug
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+######## Server JSON ############################
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
+appender.rolling.layout.type = ESJsonLayout
+appender.rolling.layout.type_name = server
+
+appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.rolling.policies.size.size = 128MB
+appender.rolling.strategy.type = DefaultRolloverStrategy
+appender.rolling.strategy.fileIndex = nomax
+appender.rolling.strategy.action.type = Delete
+appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
+appender.rolling.strategy.action.condition.type = IfFileName
+appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
+appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
+appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
+################################################
+######## Server -  old style pattern ###########
+appender.rolling_old.type = RollingFile
+appender.rolling_old.name = rolling_old
+appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
+appender.rolling_old.layout.type = PatternLayout
+appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
+appender.rolling_old.policies.type = Policies
+appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling_old.policies.time.interval = 1
+appender.rolling_old.policies.time.modulate = true
+appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.rolling_old.policies.size.size = 128MB
+appender.rolling_old.strategy.type = DefaultRolloverStrategy
+appender.rolling_old.strategy.fileIndex = nomax
+appender.rolling_old.strategy.action.type = Delete
+appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path}
+appender.rolling_old.strategy.action.condition.type = IfFileName
+appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
+appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
+appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB
+################################################
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+rootLogger.appenderRef.rolling.ref = rolling
+rootLogger.appenderRef.rolling_old.ref = rolling_old
+
+######## Deprecation JSON #######################
+appender.deprecation_rolling.type = RollingFile
+appender.deprecation_rolling.name = deprecation_rolling
+appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json
+appender.deprecation_rolling.layout.type = ESJsonLayout
+appender.deprecation_rolling.layout.type_name = deprecation
+appender.deprecation_rolling.layout.esmessagefields=x-opaque-id
+
+appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz
+appender.deprecation_rolling.policies.type = Policies
+appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.deprecation_rolling.policies.size.size = 1GB
+appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
+appender.deprecation_rolling.strategy.max = 4
+#################################################
+######## Deprecation -  old style pattern #######
+appender.deprecation_rolling_old.type = RollingFile
+appender.deprecation_rolling_old.name = deprecation_rolling_old
+appender.deprecation_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log
+appender.deprecation_rolling_old.layout.type = PatternLayout
+appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.deprecation_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _deprecation-%i.log.gz
+appender.deprecation_rolling_old.policies.type = Policies
+appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.deprecation_rolling_old.policies.size.size = 1GB
+appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.deprecation_rolling_old.strategy.max = 4
+#################################################
+logger.deprecation.name = org.elasticsearch.deprecation
+logger.deprecation.level = warn
+logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old
+logger.deprecation.additivity = false
+
+######## Search slowlog JSON ####################
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\
+  .cluster_name}_index_search_slowlog.json
+appender.index_search_slowlog_rolling.layout.type = ESJsonLayout
+appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog
+appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id
+
+appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\
+  .cluster_name}_index_search_slowlog-%i.json.gz
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.size.size = 1GB
+appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy
+appender.index_search_slowlog_rolling.strategy.max = 4
+#################################################
+######## Search slowlog -  old style pattern ####
+appender.index_search_slowlog_rolling_old.type = RollingFile
+appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old
+appender.index_search_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _index_search_slowlog.log
+appender.index_search_slowlog_rolling_old.layout.type = PatternLayout
+appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.index_search_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _index_search_slowlog-%i.log.gz
+appender.index_search_slowlog_rolling_old.policies.type = Policies
+appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling_old.policies.size.size = 1GB
+appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.index_search_slowlog_rolling_old.strategy.max = 4
+#################################################
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old
+logger.index_search_slowlog_rolling.additivity = false
+
+######## Indexing slowlog JSON ##################
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _index_indexing_slowlog.json
+appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout
+appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog
+appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source
+
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _index_indexing_slowlog-%i.json.gz
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.size.size = 1GB
+appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy
+appender.index_indexing_slowlog_rolling.strategy.max = 4
+#################################################
+######## Indexing slowlog -  old style pattern ##
+appender.index_indexing_slowlog_rolling_old.type = RollingFile
+appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old
+appender.index_indexing_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
+  _index_indexing_slowlog-%i.log.gz
+appender.index_indexing_slowlog_rolling_old.policies.type = Policies
+appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB
+appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.index_indexing_slowlog_rolling_old.strategy.max = 4
+#################################################
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old
+logger.index_indexing_slowlog.additivity = false

deployment/elk/config-elk/elasticsearch/elastic.env

@@ -0,0 +1,16 @@
+cluster.name=opendmp-cluster
+bootstrap.memory_lock=true
+xpack.license.self_generated.type=basic
+xpack.monitoring.collection.enabled=true
+xpack.ml.enabled=false
+xpack.security.enabled=true
+xpack.security.http.ssl.enabled=true
+xpack.security.http.ssl.verification_mode=certificate
+xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
+xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
+xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
+xpack.security.transport.ssl.enabled=true
+xpack.security.transport.ssl.verification_mode=certificate
+xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
+xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
+xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key

deployment/elk/config-elk/kibana/certificates/ca/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSTCCAjGgAwIBAgIUXMpiJCPQnPeOHA1FjYo12FaHO1UwDQYJKoZIhvcNAQEL
+BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
+cmF0ZWQgQ0EwHhcNMTkwOTAzMTUyMDM1WhcNMjIwOTAyMTUyMDM1WjA0MTIwMAYD
+VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI1ci/DoagopzxemkP21UmnP
+wv2Yoo267y6CR/okrT3a0lARDjPl28YaNsEQ2skAnPu3gNqqDWW9j1aWEtWwNuEA
+PudVCdc6irgFEbPlwU6Dh05LVB99FCw70UKM5G4CSH7gMQvzPcvjJT4ROKoDCh3W
+I+pWYqhqU9xEiMzwsPdC2uy2Om2I0bZ2A03WmMr8Ts58qmBqVOMBLIY008jFetj7
+ZH67WDT92pqfG9/xRKH9ELdZNlNw/2fSTb4KBek06MZIzPkHk0iMhw7bMLwEYyDy
+J14Rym4Up9akgr8J6XwyACek5oht1lQlJjYhUuf2ZSzVJ54LhYoTGg1ybYT9qx8C
+AwEAAaNTMFEwHQYDVR0OBBYEFAxdsx3VcEsMaPWe7GvbyHOEnftTMB8GA1UdIwQY
+MBaAFAxdsx3VcEsMaPWe7GvbyHOEnftTMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBADltg11WpSg0tYVXrAowySy68CkcK9t/XYioeRYRAvfSD5mB
+ONMFegqwJVqUzu6HbxkhpVBf/JykGqSkf0Cu5BRUYT7A+egpDNAPAIa1/SbSchjP
+mbFMbpLRXFfP60xqgVem0C5wKcMEFFg+0YRDkSf/232aCwb0sS63V52ssmnEDN6v
+k4Cn2k/MZjAi/seWNnphaTyU71Eu3ObftIpOGc4ZJ875KiUZQtCXrP36QICUdFAM
+ay+z2gEVQQE2zKbtaEeE0Sxyas9eRnGHXzbx/yoz706lME9QmzPmcvfVlHQH8N/o
+2nU+I07j6TDoHn/WRIgbWR0jrWv0hlTqzxOyCDM=
+-----END CERTIFICATE-----

deployment/elk/config-elk/kibana/certificates/kibana.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjqgAwIBAgIUKTnOSL0Rtnm8ZQkfSUvpQiBNGnMwDQYJKoZIhvcNAQEL
+BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
+cmF0ZWQgQ0EwHhcNMTkwOTAzMTUyMDM1WhcNMjIwOTAyMTUyMDM1WjAYMRYwFAYD
+VQQDEw1lbGFzdGljc2VhcmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAkB1OMRBRUDUxQ6fIv5gv0myKDZgVJFnEEjIjU6YjMpf/htTsvu8zdpBoWhg6
+7IsflSkUPynDG4geFjQ/WtxVeqxjnmtIB2fMDAHppX882as3tYjBlHj1sU0/OwwI
+Ga5/OtxOubGswrzCEEjIgZwTtSX2Yzx3tE2UzwjWsYwGCBM/ssN8Wc1vlqq20+Qr
+Lsggk+dXapN2wL9FABrxrJfV2SxXb2qKLKVd3EIfs+HVqIt9dVrpcFRV3Lwexg+Z
+wlJv58EPsynphczssBhMOhlmVqpRY8z88fqsbqDVdqHIF8hqn7czWFqeCRldnb7W
+LWaYaOG0Jd6SM7OpHnfNgBST4wIDAQABo3gwdjAdBgNVHQ4EFgQUCkDAcWSJ6H2G
+UFFh9dhk+mG0L08wHwYDVR0jBBgwFoAUDF2zHdVwSwxo9Z7sa9vIc4Sd+1MwKQYD
+VR0RBCIwIIIJbG9jYWxob3N0hwR/AAABgg1lbGFzdGljc2VhcmNoMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggEBAAQpkdkGl2H0ylgbmmNiIlrQX+U2i4ag4sJ6
+xsVR5OWxuyB/aMWhuOHkgueMh2wElufn60jK0Mh25b2U7oO/0Nq+28rhhP9HURLz
+7/TwCbLcglTAgHQPWItwn5r5WKDFNCPNpZXFU/oG5H6hUJqTvuaTN6G/PQ6V9Yp3
+J00NbPuFq8tjNAc/kQnhC7zdC/7YQ/fanHBPkvQnkGbac5+VAF/se/JYbxRpSz23
+5a+v6BDb/kjs82QgV8dzsyFmntO+Neesu9tTJurBbQD5T3xMgoGSWLgnTCq3/drl
+PMBLgUQHik629dU+7o8ePCdyULruGMR6CIBqO7ZKQASulhkxdUo=
+-----END CERTIFICATE-----

deployment/elk/config-elk/kibana/certificates/kibana.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAkB1OMRBRUDUxQ6fIv5gv0myKDZgVJFnEEjIjU6YjMpf/htTs
+vu8zdpBoWhg67IsflSkUPynDG4geFjQ/WtxVeqxjnmtIB2fMDAHppX882as3tYjB
+lHj1sU0/OwwIGa5/OtxOubGswrzCEEjIgZwTtSX2Yzx3tE2UzwjWsYwGCBM/ssN8
+Wc1vlqq20+QrLsggk+dXapN2wL9FABrxrJfV2SxXb2qKLKVd3EIfs+HVqIt9dVrp
+cFRV3Lwexg+ZwlJv58EPsynphczssBhMOhlmVqpRY8z88fqsbqDVdqHIF8hqn7cz
+WFqeCRldnb7WLWaYaOG0Jd6SM7OpHnfNgBST4wIDAQABAoIBACRGPBg9czotKWlO
+IkmXlPHyQA2L6kZsEd5CoIG9n75sY/UcQzsMGngNgTasQqinnBt/a4k6idG0QV51
+aD0GmL14BtspRcgXaFTdZmIx1K81WaBn+9HTYIRwXSoPrTpJody+91HmVwXtXSuc
+Jlv5XTyLgakY30iS/pHeN6wZAqulS7p6DkCH+W3c15BvNYnsjDX5vYZLgmktNl62
+LoHymTt54rLhxheZiwFeiHePsl9IanvnDEjCl2jBFnFB402NeapTex84ZnOgPYEV
+5w81MUYMeLy1aaziWEICPP1TU62T2oYKUFC1kQKUgCYp3t1UUkLsF6KfybJ+baMs
++Nm5IQECgYEAzy4kQ9wo2x+3teQgMR+QLIN2cgfDCgI1BXUzhIr607kpo6F12Jf0
+zT5sC+9OzSPh3dPkyvnWtg2K3ld3L+ATqGvpWC42OgSI0HK6rnfL8Q3cYld8KLwn
+C8lbSQuDFo+hMJoGU7V+QTXM8j1e+2KoxgwGfceeiwql5GpqqcHFSJkCgYEAshLP
+QYOBaimhOlY1m1B9YgXrgNKoj66njhHJLTD9rD4BvMsntGo8UaBrZxpcQKaDO778
+UtuRPM8Pfrg2Q2fR6SHAydoQpiGQ0XrkUXNmh3v9YOBlFzdg1PhKSCRZRv75KjnC
+Z4jyL8GVYMhB+vWl/bQJO5o5YYHR7OdJCs8p4dsCgYEAnTQl0Ff9qEco3pt60cth
+WmVmOqApHi8OjFWiAbBzIrQdJEwfX3nuBs6WrXeoE4BmoitmL53jjcA43vz/MxST
+1fgL1x05iExog8KKZFgCJ6ac0wIO89nQxuDCo2pYzYWuiXJV2q6cXl60ZBqtN5Jk
+/eGiC06svlQWDHuy85xUVgECgYEAm8jk1FWtxCiDSjvdTfEOn9C6BMtGd9y97QYW
+T5jKdAMTFg1MwQMnnemPzHU9O7nwmTYuHHbGCsLCtYOGxVVwSFolBPHnGs/Gl9zB
+HZitm92W/0eQaM0jw20r3w0dpYSuiohZUKZ36dubST4oqtp4ywjUAvabOHiQJIb6
+WaB+7X0CgYEAptNxensUEn+hSKfMVCxS36U1QL2njRfGiCfqVHVOKeu6+oLB4N/N
+0mZngesMGV1HxzYivwkXW07U0drgfqv+iHBIF5HYRM6PkFNpop6PJAlVpFaATx0s
+tDvtrcmgz3hunhHURvr/VlXcGuYo4mpySPhHDTeF6Ad/9Ml16vO7uW0=
+-----END RSA PRIVATE KEY-----

deployment/elk/config-elk/kibana/config/kibana.yml

@@ -0,0 +1,15 @@
+---
+## Default Kibana configuration from kibana-docker.
+## from https://github.com/elastic/kibana-docker/blob/master/build/kibana/config/kibana.yml
+#
+server.name: opendmp.kibana
+server.host: "0.0.0.0"
+## Custom configuration
+elasticsearch.hosts: [ "https://opendmp.elasticsearch:9200" ]
+elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/certificate_authorities/ca.crt" ]
+
+elasticsearch.username: "kibana"
+elasticsearch.password: "2VzNck1n3uCed9d27wHn"
+server.ssl.enabled: false
+server.ssl.key: "/usr/share/kibana/certificates/kibana.key"
+server.ssl.certificate: "/usr/share/kibana/certificates/kibana.crt"

deployment/elk/elasticsearch/Dockerfile

@@ -0,0 +1,18 @@
+ARG ELK_VERSION
+ARG DEPLOY_USER
+
+# https://github.com/elastic/elasticsearch-docker
+FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
+
+RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \ 
+    /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
+USER root
+RUN groupmod -g ${DEPLOY_USER} elasticsearch
+RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch
+RUN chown -R elasticsearch /usr/share/elasticsearch
+RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \
+           -e 's/UID 1000/UID ${DEPLOY_USER}/' \
+           -e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh
+RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
+
+ENV JAVA_HOME /usr/share/elasticsearch/jdk

deployment/elk/filebeat/Dockerfile

@@ -0,0 +1,14 @@
+ARG ELK_VERSION
+
+FROM docker.elastic.co/beats/filebeat:${ELK_VERSION}
+
+USER root
+RUN groupmod -g 1008 filebeat
+RUN usermod -u 1008 -g 1008 filebeat
+RUN chown -R filebeat /usr/share/filebeat
+RUN sed -i -e 's/--userspec=1000/--userspec=1008/g' \
+           -e 's/UID 1000/UID 1008/' \
+           -e 's/chown -R 1000/chown -R 1008/' /usr/local/bin/docker-entrypoint
+RUN chown filebeat /usr/local/bin/docker-entrypoint
+
+USER 1008:1008

deployment/elk/kibana/Dockerfile

@@ -0,0 +1,14 @@
+ARG ELK_VERSION
+
+# https://github.com/elastic/kibana-docker
+FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
+
+USER root
+RUN groupmod -g 1008 kibana
+RUN usermod -u 1008 -g 1008 kibana
+RUN chown -R kibana /usr/share/kibana
+
+USER 1008:1008
+
+# Add your kibana plugins setup here
+# Example: RUN kibana-plugin install <name|url>

deployment/elk/logstash/Dockerfile

@@ -0,0 +1,19 @@
+ARG ELK_VERSION
+
+# https://github.com/elastic/logstash-docker
+FROM docker.elastic.co/logstash/logstash:${ELK_VERSION}
+
+USER root
+RUN groupmod -g 1008 logstash
+RUN usermod -u 1008 -g 1008 logstash
+RUN chown -R logstash /usr/share/logstash
+RUN sed -i -e 's/--userspec=1000/--userspec=1008/g' \
+           -e 's/UID 1000/UID 1008/' \
+           -e 's/chown -R 1000/chown -R 1008/' /usr/local/bin/docker-entrypoint
+RUN chown logstash /usr/local/bin/docker-entrypoint
+
+USER 1008:1008
+
+# Add your logstash plugins setup here
+# Example: RUN logstash-plugin install logstash-filter-json
+RUN logstash-plugin update logstash-input-beats

deployment/gotenberg/gotenberg.env

@@ -0,0 +1,4 @@
+DEFAULT_WAIT_TIMEOUT=40
+MAXIMUM_WAIT_DELAY=40
+MAXIMUM_WAIT_TIMEOUT=40
+DISABLE_GOOGLE_CHROME=1

deployment/keycloak/certs/keycloak-selfsigned.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAqegAwIBAgIUL9YHiVgQxrFPSGq4nMe6KbMznaowDQYJKoZIhvcNAQEL
+BQAwbzELMAkGA1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEPMA0GA1UEBwwGQXRo
+ZW5zMQwwCgYDVQQKDANOTEcxDjAMBgNVBAsMBU9TRFlFMSAwHgYDVQQDDBdubGct
+b3NkeWUubG9jYWwuY2l0ZS5ncjAeFw0yMDExMjcxODMzNTJaFw0yMTExMjcxODMz
+NTJaMG8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExDzANBgNVBAcMBkF0
+aGVuczEMMAoGA1UECgwDTkxHMQ4wDAYDVQQLDAVPU0RZRTEgMB4GA1UEAwwXbmxn
+LW9zZHllLmxvY2FsLmNpdGUuZ3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCYsoKFVSg67/NckladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRH
+AGZAjIO2sGf6vTFO7SN6LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZF
+e5jsGd7owCoEEFAirJpz53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoS
+kOhlDXwgGtTmBAS82sXRr51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLM
+SOxe5Du3F93kC4TwFckG+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5p
+zeGMD+0oyujL0HtH8nKkv9OtvYP1AgMBAAGjUzBRMB0GA1UdDgQWBBTrvPpWYBX6
+spVt2gpkpDW6yzrBZzAfBgNVHSMEGDAWgBTrvPpWYBX6spVt2gpkpDW6yzrBZzAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqfOJiorxiszfKKeD2
+eVda5pBU+qDnUOewRKizAktPm7V+cjM7bTEkmEHQ/oKlsT0FX5nsa8YfZCYgdotd
+cDWC9KqYy9itXPESoJIZ/gMJ57v1BaVDly8tHedXEltob9ywrUyf7OF55eP0fWwb
+AK90PfnRsxaurVYU5nfI9U/2jpi/LdsEYlJ7zUj7KM/Z2MwPA+be4EqjNcYLT/NB
+bavhjLgZNoTkI7wYOJug+ouPn6xJJcj06RS1Q4FxtfrsnAuT+L33HemUludEUE00
+TJwYWJN9hOgbyzTf5EsHxxME1gIhcYLYPMeBr9VIyJxdAEuuDJbn87oOB094sCA+
+nvpp
+-----END CERTIFICATE-----

deployment/keycloak/certs/keycloak-selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYsoKFVSg67/Nc
+kladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRHAGZAjIO2sGf6vTFO7SN6
+LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZFe5jsGd7owCoEEFAirJpz
+53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoSkOhlDXwgGtTmBAS82sXR
+r51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLMSOxe5Du3F93kC4TwFckG
++JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5pzeGMD+0oyujL0HtH8nKk
+v9OtvYP1AgMBAAECggEAajxoCpPAtaCT1GgL0sBWwdNzETzJrZWd9I3gqRL0KKsn
+58bP6fvS5/voEG36thYM3WHGNfDDCYJ7GFolYKPrXpS2Gp3r6T7gkdzIaGzvBVEz
+GkNm8jjX0TUDyLvBHSKyr4RitwkSd81WeCUqEDIOUCI9rZTxJsMN3IOetpNEcJt1
+xR2kVuTkQiIs5evQCQ2arqTf/VQFb7FuVTtmrOggsTn33FnrUDujTAAsbEoglgvw
+w1A2AYtMdGcrFIsUMJFdECkQGPVeqzKHddi1k1hv3DmOx5Rf4xJCdTL9ZYzbU1lw
+ydSAM88UA7MTZWNYCGb4HjqEeDRnMUN/Qbi4f80PgQKBgQDKWLxsCBBgFRoH6nlh
+TmBwYOmdQkBE09txpcpAFVZVv3eq/syZnT5+pcyj7EUexhu/p78UHPPkXDfnIKKe
+C+7VOEmSM9cPMZU6cqB1x4+YZkyiU1rPD2SG46ZxBBTKsPWauJNvtuhW3K6kwMCT
+ECiwG1f9EAmf9q7YKqdXGgUL3QKBgQDBL5WDIRtqHBdIPgHMue/teM+fP8I0/GKV
+D3oJjBLE+I7JNp0lpeVhDvqfAL0AgZ5023hjlPobUNtpWyuLufzY6S2Pv1scyM3A
+xW/LVXtC7QzdPmhrPxZkHEmRFA1zXdYo0xH4O+KDXVmYuzpIPfgrQkzt1EvP5jxv
+tbjY935C+QKBgHZhr+rsVNhBwDb9YQIi3p0gtcyBZCRgZjR5MHiJgzcri5GI/J6q
+tlNWIQGOS2oTsUxRkaLsxWvG4BXirAEXLiWkhrZ4icuj0JCfW21M0Z/xycf2SFx3
+vvKD4W6hWqCzIx3f+rITKp8XAT32XzQq8gMGHFY7ucXShryFR93XpTgpAoGALaAF
+WaDaDqdvwDoUxrsrNRSRRHUUctsglT/AfLy+OhLR9ieV2axijhexjRfpi1MRj1u+
+BRbMMuNXznwfvrJASyJXBloVNKkgHuUCUC1yHQ5LOX1hv+J4cVBU95Sa0KJaz+15
+kvzhtFC5tl6Rlzo7gEv6SzkWZpVjtKZgb62T/lECgYBr6PyDcGVGc8rbjxugnUnm
+rShh7nMRUiTMLpWrucf7Mfr4cwFgejCoEMXPgxJF5Q1acppL0dKQzfmLVqazNX58
+0XM0+fNDIeGyYKAbqtnqfmyI7O/Lb1jXPFuCNujzDxfeJX0yxoo38US4ZCD2iUrW
+ZK/FFkm5ncXTenBhpHOANQ==
+-----END PRIVATE KEY-----

deployment/keycloak/keycloak.env

@@ -0,0 +1,23 @@
+##################### KEYCLOAK #########################
+# DB related configuraation
+KC_DB=postgres
+KC_DB_URL_HOST=opendmp.postgres
+KC_DB_SCHEMA=public
+KC_DB_URL_DATABASE=keycloak
+KC_DB_PORT=5432
+KC_DB_USERNAME=keycloak-admin
+KC_DB_PASSWORD=admin
+
+#Keycloak related configuration
+KEYCLOAK_ADMIN=opendmp-admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+KC_HOSTNAME_URL=https://localhost:8082
+KC_HOSTNAME_ADMIN_URL=https://localhost:8082
+KC_PROXY_HEADERS=xforwarded
+KC_HOSTNAME_STRICT_HTTPS=true
+KC_HOSTNAME_STRICT_BACKCHANNEL=true
+KC_TRANSACTION_XA_ENABLED=false
+KC_HEALTH_ENABLED=true
+KC_METRICS_ENABLED=true
+KC_HTTPS_CERTIFICATE_FILE=/tmp/keycloak-selfsigned.crt
+KC_HTTPS_CERTIFICATE_KEY_FILE=/tmp/keycloak-selfsigned.key

deployment/postgres/postgres.env

@@ -0,0 +1,4 @@
+#################### POSTGRES ########################
+#POSTGRES_DB=keycloak
+POSTGRES_USER=admin
+POSTGRES_PASSWORD=changeme

deployment/proxy/ProxyNginx.conf

@@ -0,0 +1,147 @@
+server {
+    listen      8080 default_server;
+    listen      [::]:8080 default_server;
+    server_name "";
+    return      444;
+}
+
+server {
+    listen 8080;
+    server_name  ${APP_HOST}${APP_PORT};
+    location / {
+        return 301 https://$host$request_uri;
+    }    
+}
+
+server {
+    listen 8081 ssl;
+    ssl_certificate /certifcates/cert.crt;
+    ssl_certificate_key /certifcates/key.key;
+    server_name  ${APP_HOST}${APP_PORT};
+    proxy_pass_header Server;
+    
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options nosniff;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+    add_header Referrer-Policy 'strict-origin' always;
+    add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
+    add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
+    
+    location / {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              http://opendmp.frontend:8080;
+        proxy_read_timeout      90;
+        proxy_redirect          http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
+    }
+
+    location /api/ {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              http://opendmp.backend:8080;
+        proxy_read_timeout      90;
+        proxy_redirect          http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
+    }
+
+    location /api/notification/ {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              http://opendmp.notification:8080;
+        proxy_read_timeout      90;
+        proxy_redirect          http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
+    }
+
+    location /api/annotation/ {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              http://opendmp.annotation:8080;
+        proxy_read_timeout      90;
+        proxy_redirect          http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
+    }
+}
+
+server {
+    listen 8082 ssl;
+    ssl_certificate /certifcates/cert.crt;
+    ssl_certificate_key /certifcates/key.key;
+    server_name  ${MS_HOST};
+    proxy_pass_header Server;
+    
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options nosniff;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+    add_header Referrer-Policy 'strict-origin' always;
+    add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
+    add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
+
+    location /keycloak/ {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        X-Forwarded-Port   $server_port;
+        proxy_set_header        X-Forwarded-Host   $host;
+        proxy_set_header        X-Forwarded-Server $host;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              https://opendmp.keycloak:8443;
+        proxy_read_timeout      90;
+
+        proxy_redirect          http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
+    }
+
+    location /rabbitmq/ {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        X-Forwarded-Port   $server_port;
+        proxy_set_header        X-Forwarded-Host   $host;
+        proxy_set_header        X-Forwarded-Server $host;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              https://opendmp.rabbitmq:15672;
+        proxy_read_timeout      90;
+
+        proxy_redirect          http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
+    }
+
+    location /elastic/ {
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        X-Forwarded-Port   $server_port;
+        proxy_set_header        X-Forwarded-Host   $host;
+        proxy_set_header        X-Forwarded-Server $host;
+
+        # Fix the “It appears that your reverse proxy set up is broken" error.
+        proxy_pass              https://opendmp.kibana:5601;
+        proxy_read_timeout      90;
+
+        proxy_redirect          http://opendmp.kibana:5601 https://${MS_HOST}${MS_PORT}/elastic;
+    }
+}

deployment/proxy/nginx-selfsigned.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAqegAwIBAgIUL9YHiVgQxrFPSGq4nMe6KbMznaowDQYJKoZIhvcNAQEL
+BQAwbzELMAkGA1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEPMA0GA1UEBwwGQXRo
+ZW5zMQwwCgYDVQQKDANOTEcxDjAMBgNVBAsMBU9TRFlFMSAwHgYDVQQDDBdubGct
+b3NkeWUubG9jYWwuY2l0ZS5ncjAeFw0yMDExMjcxODMzNTJaFw0yMTExMjcxODMz
+NTJaMG8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExDzANBgNVBAcMBkF0
+aGVuczEMMAoGA1UECgwDTkxHMQ4wDAYDVQQLDAVPU0RZRTEgMB4GA1UEAwwXbmxn
+LW9zZHllLmxvY2FsLmNpdGUuZ3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCYsoKFVSg67/NckladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRH
+AGZAjIO2sGf6vTFO7SN6LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZF
+e5jsGd7owCoEEFAirJpz53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoS
+kOhlDXwgGtTmBAS82sXRr51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLM
+SOxe5Du3F93kC4TwFckG+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5p
+zeGMD+0oyujL0HtH8nKkv9OtvYP1AgMBAAGjUzBRMB0GA1UdDgQWBBTrvPpWYBX6
+spVt2gpkpDW6yzrBZzAfBgNVHSMEGDAWgBTrvPpWYBX6spVt2gpkpDW6yzrBZzAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqfOJiorxiszfKKeD2
+eVda5pBU+qDnUOewRKizAktPm7V+cjM7bTEkmEHQ/oKlsT0FX5nsa8YfZCYgdotd
+cDWC9KqYy9itXPESoJIZ/gMJ57v1BaVDly8tHedXEltob9ywrUyf7OF55eP0fWwb
+AK90PfnRsxaurVYU5nfI9U/2jpi/LdsEYlJ7zUj7KM/Z2MwPA+be4EqjNcYLT/NB
+bavhjLgZNoTkI7wYOJug+ouPn6xJJcj06RS1Q4FxtfrsnAuT+L33HemUludEUE00
+TJwYWJN9hOgbyzTf5EsHxxME1gIhcYLYPMeBr9VIyJxdAEuuDJbn87oOB094sCA+
+nvpp
+-----END CERTIFICATE-----

deployment/proxy/nginx-selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYsoKFVSg67/Nc
+kladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRHAGZAjIO2sGf6vTFO7SN6
+LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZFe5jsGd7owCoEEFAirJpz
+53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoSkOhlDXwgGtTmBAS82sXR
+r51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLMSOxe5Du3F93kC4TwFckG
++JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5pzeGMD+0oyujL0HtH8nKk
+v9OtvYP1AgMBAAECggEAajxoCpPAtaCT1GgL0sBWwdNzETzJrZWd9I3gqRL0KKsn
+58bP6fvS5/voEG36thYM3WHGNfDDCYJ7GFolYKPrXpS2Gp3r6T7gkdzIaGzvBVEz
+GkNm8jjX0TUDyLvBHSKyr4RitwkSd81WeCUqEDIOUCI9rZTxJsMN3IOetpNEcJt1
+xR2kVuTkQiIs5evQCQ2arqTf/VQFb7FuVTtmrOggsTn33FnrUDujTAAsbEoglgvw
+w1A2AYtMdGcrFIsUMJFdECkQGPVeqzKHddi1k1hv3DmOx5Rf4xJCdTL9ZYzbU1lw
+ydSAM88UA7MTZWNYCGb4HjqEeDRnMUN/Qbi4f80PgQKBgQDKWLxsCBBgFRoH6nlh
+TmBwYOmdQkBE09txpcpAFVZVv3eq/syZnT5+pcyj7EUexhu/p78UHPPkXDfnIKKe
+C+7VOEmSM9cPMZU6cqB1x4+YZkyiU1rPD2SG46ZxBBTKsPWauJNvtuhW3K6kwMCT
+ECiwG1f9EAmf9q7YKqdXGgUL3QKBgQDBL5WDIRtqHBdIPgHMue/teM+fP8I0/GKV
+D3oJjBLE+I7JNp0lpeVhDvqfAL0AgZ5023hjlPobUNtpWyuLufzY6S2Pv1scyM3A
+xW/LVXtC7QzdPmhrPxZkHEmRFA1zXdYo0xH4O+KDXVmYuzpIPfgrQkzt1EvP5jxv
+tbjY935C+QKBgHZhr+rsVNhBwDb9YQIi3p0gtcyBZCRgZjR5MHiJgzcri5GI/J6q
+tlNWIQGOS2oTsUxRkaLsxWvG4BXirAEXLiWkhrZ4icuj0JCfW21M0Z/xycf2SFx3
+vvKD4W6hWqCzIx3f+rITKp8XAT32XzQq8gMGHFY7ucXShryFR93XpTgpAoGALaAF
+WaDaDqdvwDoUxrsrNRSRRHUUctsglT/AfLy+OhLR9ieV2axijhexjRfpi1MRj1u+
+BRbMMuNXznwfvrJASyJXBloVNKkgHuUCUC1yHQ5LOX1hv+J4cVBU95Sa0KJaz+15
+kvzhtFC5tl6Rlzo7gEv6SzkWZpVjtKZgb62T/lECgYBr6PyDcGVGc8rbjxugnUnm
+rShh7nMRUiTMLpWrucf7Mfr4cwFgejCoEMXPgxJF5Q1acppL0dKQzfmLVqazNX58
+0XM0+fNDIeGyYKAbqtnqfmyI7O/Lb1jXPFuCNujzDxfeJX0yxoo38US4ZCD2iUrW
+ZK/FFkm5ncXTenBhpHOANQ==
+-----END PRIVATE KEY-----

deployment/proxy/nginx.conf

@@ -0,0 +1,32 @@
+worker_processes  auto;
+error_log  /tmp/logs/error.log warn;
+pid        /tmp/nginx.pid;
+events {
+    worker_connections  1024;
+}
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    server_tokens off;
+
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+
+    client_header_buffer_size 4k;
+    large_client_header_buffers 4 32k;
+    client_max_body_size 1150m;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_real_ip" [$proxy_add_x_forwarded_for]';
+                      
+    access_log  /tmp/logs/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+    include /etc/nginx/conf.d/*.conf;
+}

deployment/proxy/proxy.env

@@ -0,0 +1,4 @@
+APP_HOST=localhost
+APP_PORT=:51040
+MS_HOST=localhost
+MS_PORT=:51041

deployment/rabbitmq/rabbitmq.env

@@ -0,0 +1,3 @@
+RABBITMQ_DEFAULT_USER=guest
+RABBITMQ_DEFAULT_PASS=guest
+RABBITMQ_DEFAULT_VHOST=/rabbitmq/

docker-compose.override.yml

@@ -1,90 +0,0 @@
-version: "3.8"
-
-services:
-  elasticsearch:
-    user: 1002:1002 #develuser
-    restart: unless-stopped
-    mem_limit: 2048m
-    environment:
-      - cluster.name=open-dmp-cluster
-      - bootstrap.memory_lock=true
-      - "ES_JAVA_OPTS=-Xmx1024m -Xms1024m"
-      - xpack.license.self_generated.type=basic 
-      - xpack.monitoring.collection.enabled=true
-      - xpack.security.enabled=true
-    ulimits:
-      nproc: 65535
-      memlock:
-        soft: -1
-        hard: -1
-    volumes:
-      - ./ELK.Docker/shared/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
-      - ./ELK.Docker/shared/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
-      - ./ELK.Docker/shared/data-elk/elasticsearch-01-data:/usr/share/elasticsearch/data
-      - ./ELK.Docker/shared/data-elk/elasticsearch-01-log:/usr/share/elasticsearch/logs
-    #ports:
-    #  - 51056:9200
-    #  - 51057:9300
-    ports:
-      - "9201:9200"
-    expose:
-      - "9200"
-    hostname: opendmp-elastic
-    networks:
-      open-dmp-elk-network:
-        aliases:
-            - opendmp-elastic
-    
-  logstash:
-    # user: 1002:1002 #develuser
-    volumes:
-      - ./ELK.Docker/shared/config-elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
-      - ./ELK.Docker/shared/config-elk/logstash/config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
-      - ./ELK.Docker/shared/config-elk/logstash/config/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro
-      - ./ELK.Docker/shared/config-elk/logstash/pipeline:/usr/share/logstash/pipeline:ro
-      - ./ELK.Docker/shared/config-elk/logstash/logstash/templates:/usr/share/logstash/templates
-      - ./ELK.Docker/shared/data-elk/logstash-log:/usr/share/logstash/logs
-      - ./ELK.Docker/shared/data-elk/logstash-queue:/usr/share/logstash/queue
-      - ./ELK.Docker/shared/data-elk/logstash-dead_letter_queue:/usr/share/logstash/dead_letter_queue
-    expose:
-      - "31311"
-      - "31312"
-    restart: on-failure
-    mem_limit: 2048m
-    environment:
-      - LS_JAVA_OPTS=-Xmx1024m -Xms1024m
-      - xpack.license.self_generated.type=basic 
-      - xpack.security.enabled=true
-    networks:
-      open-dmp-elk-network:
-
-  kibana:
-    # user: 1002:1002 #develuser
-    mem_limit: 512m
-    environment:
-      - xpack.license.self_generated.type=basic 
-      - xpack.security.enabled=true
-      
-    volumes:
-      - ./ELK.Docker/shared/config-elk/kibana/config:/usr/share/kibana/config:ro
-      #- ./ELK.Docker/shared/config-elk/kibana/certificates:/usr/share/kibana/certificates
-    restart: unless-stopped
-    ports:
-      - "51058:5601"
-    networks:
-      - open-dmp-elk-network
-
-  filebeat:
-    restart: unless-stopped
-    mem_limit: 256m
-    #command: [ "-e=false" ] # to overwrite the -e that disables logging to file!
-    volumes:
-      - ./ELK.Docker/shared/config-elk/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
-      - ./openDMP/logs:/usr/share/filebeat/log_data/dmp/
-      - ./ELK.Docker/shared/data-elk/filebeat-log:/usr/share/filebeat/logs
-      - ./ELK.Docker/shared/data-elk/filebeat-data:/usr/share/filebeat/data #For windows if we mount the data  directory we get "Writing of registry returned error: sync /usr/share/filebeat/data/registry/filebeat: invalid argument."
-    networks:
-      - open-dmp-elk-network
-
-networks:
-  open-dmp-elk-network:

docker-compose.yml

@@ -1,122 +0,0 @@
-version: "3.8"
-
-services:
-  dmp-db:
-    image: postgres
-    container_name: opendmp-db
-    restart: unless-stopped
-    ports:
-      - "5001:5432"
-    expose:
-      - "5432"
-    volumes:
-      - dmpdata:/var/lib/postgresql/data
-      - ./dmp-db-scema:/docker-entrypoint-initdb.d/
-      - ./dmp-db-scema/main:/main
-      - ./dmp-db-scema/updates:/updates
-    env_file: ./dmp-db-scema/Docker/dmp-db.env
-    networks: 
-      - opendmp-backend-network
-
-  dmp-pdf-converter:
-    image: gotenberg/gotenberg:7.4.0
-    container_name: opendmp-pdf-converter
-    restart: unless-stopped
-    ports:
-      - "3001:3000"
-    expose:
-      - "3000"
-    hostname: opendmp-pdf
-    networks:
-      opendmp-pdf-network:
-        aliases:
-            - opendmp-pdf
-
-  dmp-backend:
-    build:
-      context: ./dmp-backend
-    container_name: opendmp-backend
-    env_file: ./dmp-backend/Docker/dmp-backend.env
-    restart: unless-stopped
-    mem_limit: 2048m
-    ports:
-      - "8081:8081"
-    expose:
-      - "8080"
-    networks:
-      - opendmp-backend-network
-      - opendmp-pdf-network
-      - open-dmp-elk-network
-    volumes:
-      - ./dmp-backend/web/main/resources/config:/app/config
-      - ./user-guide:/app/user-guide
-      - ./dmp-frontend/src/assets/i18n:/app/i18n
-      - ./dmp-backend/web/main/resources/externalUrls:/app/externalUrls
-      - ./dmp-backend/web/main/resources/templates:/app/templates
-      - ./openDMP/dmp-backend/opendmp-logs:/app/logs
-      - ./openDMP/dmp-backend/tmp:/app/tmp
-      - ./dmp-backend/web/main/resources/logging:/app/logging
-      - ./dmp-backend/web/main/resources/documents:/app/documents
-
-  dmp-frontend:
-    build:
-      context: ./dmp-frontend
-    container_name: opendmp-frontend
-    mem_limit: 2048m
-    restart: unless-stopped
-    ports:
-      - "8080:4200"
-    volumes:
-      - ./openDMP/dmp-frontend/static-files:/usr/share/nginx/static
-      - ./dmp-frontend/src/assets/config:/usr/share/nginx/html/assets/config
-    networks:
-      - opendmp-frontend-network
-
-  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
-    container_name: elasticsearch
-    build:
-      context: ./ELK.Docker/elasticsearch/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    healthcheck:
-      # test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
-      interval: 30s
-      timeout: 10s
-      retries: 5
-  
-  logstash:
-    image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
-    container_name: logstash
-    build:
-      context: ./ELK.Docker/logstash/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    depends_on:
-      - elasticsearch
-
-  kibana:
-    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
-    build:
-      context: ./ELK.Docker/kibana/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    depends_on:
-      - elasticsearch
-  filebeat:
-    image: docker.elastic.co/filebeat/filebeat:${STACK_VERSION}
-    build:
-      context: ./ELK.Docker/filebeat/
-      args:
-        ELK_VERSION: $ELK_VERSION
-    depends_on:
-      - logstash
-
-networks:
-  opendmp-frontend-network:
-  opendmp-backend-network:
-  opendmp-pdf-network:
-  open-dmp-elk-network:
-volumes: 
-  dmpdata:
-    external: true