init microservice deployment commit
This commit is contained in:
parent
ed9a4ab2c8
commit
f2a1ce4f0f
5
.env
5
.env
|
@ -1,5 +0,0 @@
|
||||||
PROFILE=docker
|
|
||||||
|
|
||||||
# Version of Elastic products
|
|
||||||
ELK_VERSION=7.17.4
|
|
||||||
STACK_VERSION=7.17.4
|
|
|
@ -1,66 +0,0 @@
|
||||||
def pipelineContext = [:]
|
|
||||||
|
|
||||||
pipeline {
|
|
||||||
agent any
|
|
||||||
|
|
||||||
options {
|
|
||||||
skipDefaultCheckout(true)
|
|
||||||
}
|
|
||||||
|
|
||||||
stages {
|
|
||||||
stage('Checkout') {
|
|
||||||
steps {
|
|
||||||
checkout scm
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Build API') {
|
|
||||||
steps {
|
|
||||||
script {
|
|
||||||
pipelineContext.apiImage = docker.build("open-dmp-api:${env.BUILD_ID}", "-f dmp-backend/Dockerfile.CI dmp-backend/")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Build WebApp') {
|
|
||||||
steps {
|
|
||||||
script {
|
|
||||||
pipelineContext.webappImage = docker.build("open-dmp-webapp:${env.BUILD_ID}", "-f dmp-frontend/Dockerfile.CI dmp-frontend/")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//stage('SonarQube analysis') {
|
|
||||||
// steps {
|
|
||||||
// script {
|
|
||||||
// def scannerHome = tool 'SonarQube Scanner 4.3';
|
|
||||||
// withSonarQubeEnv('SonarQube') { // If you have configured more than one global server connection, you can specify its name
|
|
||||||
// sh "${scannerHome}/bin/sonar-scanner"
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
//}
|
|
||||||
//// waiting for sonar results based into the configured web hook in Sonar server which push the status back to jenkins
|
|
||||||
//stage('SonarQube scan result check') {
|
|
||||||
// steps {
|
|
||||||
// timeout(time: 2, unit: 'MINUTES') {
|
|
||||||
// retry(3) {
|
|
||||||
// script {
|
|
||||||
// def qg = waitForQualityGate()
|
|
||||||
// if (qg.status != 'OK') {
|
|
||||||
// error "Pipeline aborted due to quality gate failure: ${qg.status}"
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
//}
|
|
||||||
stage('Pushing to Docker Registry') {
|
|
||||||
steps {
|
|
||||||
script {
|
|
||||||
docker.withRegistry('http://drepo.local.cite.gr', 'b2c651c1-9a3b-4a98-a6da-e1dd7a20f512') {
|
|
||||||
pipelineContext.apiImage.push()
|
|
||||||
pipelineContext.webappImage.push()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
###################### GENERAL #########################
|
||||||
|
#User that is used to deploy the containers
|
||||||
|
DEPLOY_USER=root
|
||||||
|
|
||||||
|
#version selections
|
||||||
|
PROXY_TAG=mainline-alpine
|
||||||
|
MAIN_APP_TAG=2.1.3
|
||||||
|
NOTIFICATION_APP_TAG=2.1.3
|
||||||
|
ANNOTATION_APP_TAG=2.1.3
|
||||||
|
DOCX_APP_TAG=0.0.8
|
||||||
|
JSON_APP_TAG=0.0.6
|
||||||
|
ZENODO_APP_TAG=2.0.4
|
||||||
|
ELK_VERSION=8.13.12
|
||||||
|
KEYCLOAK_TAG=24.0.2
|
||||||
|
GOTENBERG_TAG=8.4.0
|
||||||
|
POSTGRES_TAG=16-alpine
|
||||||
|
|
||||||
|
#Application configuration
|
||||||
|
DOCKER_REGISTRY=crepo.cite.gr/
|
||||||
|
PROFILE=staging
|
||||||
|
|
||||||
|
#port speficiations
|
||||||
|
SERVER_PORT=8080
|
||||||
|
PROXY_APP_PORT=8081
|
||||||
|
PROXY_MS_PORT=8082
|
||||||
|
POSTGRES_PORT=5432
|
|
@ -0,0 +1,314 @@
|
||||||
|
version: "2.4"
|
||||||
|
|
||||||
|
services:
|
||||||
|
############################## PROXY ########################################
|
||||||
|
opendmp.proxy:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 256m
|
||||||
|
ports:
|
||||||
|
- "${PROXY_APP_PORT}:8081"
|
||||||
|
- "${PROXY_MS_PORT}:8082"
|
||||||
|
env_file:
|
||||||
|
- /proxy/proxy.env
|
||||||
|
volumes:
|
||||||
|
- /proxy/nginx.conf:/etc/nginx/nginx.conf
|
||||||
|
- /proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf
|
||||||
|
- /proxy/nginx-selfsigned.crt:/certifcates/cert.crt
|
||||||
|
- /proxy/nginx-selfsigned.key:/certifcates/key.key
|
||||||
|
- /logs/proxy:/tmp/logs
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
|
||||||
|
############################## OPENDMP APP #################################
|
||||||
|
opendmp.backend:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 2048m
|
||||||
|
environment:
|
||||||
|
- PROFILE=${PROFILE}
|
||||||
|
ports:
|
||||||
|
- "8080"
|
||||||
|
volumes:
|
||||||
|
- /opendmp/backend/config:/config
|
||||||
|
- /opendmp/backend/certificates:/certificates
|
||||||
|
- /opendmp/backend/i18n:/i18n
|
||||||
|
- /opendmp/backend/material:/material
|
||||||
|
- /opendmp/backend/Semantics.json:/Semantics.json
|
||||||
|
- /storage/backend:/storage
|
||||||
|
- /logs/backend:/logs
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
- opendmp-backend-network
|
||||||
|
- opendmp-plugins-network
|
||||||
|
- opendmp-gotenberg-shared-network
|
||||||
|
- opendmp-elastic-shared-network
|
||||||
|
- opendmp-keycloak-shared-network
|
||||||
|
- opendmp-postgres-shared-network
|
||||||
|
- opendmp-rabbitmq-shared-network
|
||||||
|
|
||||||
|
opendmp.frontend:
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 2048m
|
||||||
|
ports:
|
||||||
|
- "8080"
|
||||||
|
volumes:
|
||||||
|
- /opendmp/webapp/config.json:/usr/share/nginx/html/assets/config/config.json
|
||||||
|
- /opendmp/webapp/nginx.conf:/etc/nginx/nginx.conf
|
||||||
|
- /opendmp/webapp/WebAppNginx.conf:/etc/nginx/conf.d/default.conf
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
|
||||||
|
opendmp.notification:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 1024m
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "8080"
|
||||||
|
environment:
|
||||||
|
- PROFILE=${PROFILE}
|
||||||
|
volumes:
|
||||||
|
- /opendmp/notification-api/config:/config
|
||||||
|
- /opendmp/notification-api/messages:/messages
|
||||||
|
- /opendmp/notification-api/notification_templates:/notification_templates
|
||||||
|
- /logs/notification-api:/logs
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
- opendmp-backend-network
|
||||||
|
- opendmp-plugins-network
|
||||||
|
- opendmp-rabbitmq-shared-network
|
||||||
|
- opendmp-keycloak-shared-network
|
||||||
|
- opendmp-postgres-shared-network
|
||||||
|
|
||||||
|
opendmp.annotation:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 1024m
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "8080"
|
||||||
|
environment:
|
||||||
|
- PROFILE=${PROFILE}
|
||||||
|
volumes:
|
||||||
|
- /opendmp/annotation-api/config:/config
|
||||||
|
- /opendmp/annotation-api/messages:/messages
|
||||||
|
- /logs/annotation-api:/logs
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
- opendmp-backend-network
|
||||||
|
- opendmp-plugins-network
|
||||||
|
- opendmp-rabbitmq-shared-network
|
||||||
|
- opendmp-keycloak-shared-network
|
||||||
|
- opendmp-postgres-shared-network
|
||||||
|
|
||||||
|
############################## FILE-TRANSFORMER #################################
|
||||||
|
|
||||||
|
opendmp.file.transformer.docx:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 1024m
|
||||||
|
expose:
|
||||||
|
- "8080"
|
||||||
|
environment:
|
||||||
|
- SERVER_PORT=${SERVER_PORT}
|
||||||
|
- PROFILE=${PROFILE}
|
||||||
|
volumes:
|
||||||
|
- /opendmp/file-transformer-docx/config:/config
|
||||||
|
- /logs/file-transformer-docx:/logs
|
||||||
|
- /storage/file-transformer-docx:/storage
|
||||||
|
networks:
|
||||||
|
- opendmp-backend-network
|
||||||
|
- opendmp-plugins-network
|
||||||
|
- opendmp-gotenberg-shared-network
|
||||||
|
|
||||||
|
opendmp.file.transformer.rdajson:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 1024m
|
||||||
|
expose:
|
||||||
|
- "8080"
|
||||||
|
environment:
|
||||||
|
- SERVER_PORT=${SERVER_PORT}
|
||||||
|
- PROFILE=${PROFILE}
|
||||||
|
volumes:
|
||||||
|
- /opendmp/file-transformer-rda-json/config:/config
|
||||||
|
- /opendmp/file-transformer-rda-json/internal:/internal
|
||||||
|
- /logs/file-transformer-rda-json:/logs
|
||||||
|
- /storage/file-transformer-rda-json:/storage
|
||||||
|
networks:
|
||||||
|
- opendmp-backend-network
|
||||||
|
- opendmp-plugins-network
|
||||||
|
|
||||||
|
############################## ZENODO #######################################
|
||||||
|
# opendmp.zenodo:
|
||||||
|
# user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
# restart: unless-stopped
|
||||||
|
# cpus: 1
|
||||||
|
# mem_limit: 1024m
|
||||||
|
# expose:
|
||||||
|
# - "8080"
|
||||||
|
# environment:
|
||||||
|
# - PROFILE=${PROFILE}
|
||||||
|
# volumes:
|
||||||
|
# - /opendmp/zenodo/config:/config
|
||||||
|
# - /opendmp/zenodo/zenodo.jpg:/zenodo.jpg
|
||||||
|
# - /logs/zenodo:/logs
|
||||||
|
# networks:
|
||||||
|
# - opendmp-plugins-network
|
||||||
|
# - opendmp-keycloak-shared-network
|
||||||
|
|
||||||
|
############################## POSTGRES 16 #################################
|
||||||
|
|
||||||
|
opendmp.postgres:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
restart: unless-stopped
|
||||||
|
mem_limit: 2048M
|
||||||
|
ports:
|
||||||
|
# - "127.0.0.1:${POSTGRES_PORT}:5432"
|
||||||
|
- "${POSTGRES_PORT}:5432"
|
||||||
|
env_file:
|
||||||
|
- postgres/postgres.env
|
||||||
|
volumes:
|
||||||
|
- /postgres/opendmp_init.sql:/docker-entrypoint-initdb.d/opendmp_init.sql
|
||||||
|
- /postgres/keycloak_init.sql:/docker-entrypoint-initdb.d/keycloak_init.sql
|
||||||
|
- /storage/postgres/data:/var/lib/postgresql/data
|
||||||
|
networks:
|
||||||
|
- opendmp-keycloak-shared-network
|
||||||
|
|
||||||
|
################################# ELK #################################################
|
||||||
|
opendmp.elasticsearch:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
group_add:
|
||||||
|
- 0
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 2
|
||||||
|
mem_limit: 1024m
|
||||||
|
env_file:
|
||||||
|
- /elk/config-elk/elasticsearch/elastic.env
|
||||||
|
environment:
|
||||||
|
- "ES_JAVA_OPTS=-Xmx512m -Xms512m"
|
||||||
|
ulimits:
|
||||||
|
nproc: 65535
|
||||||
|
memlock:
|
||||||
|
soft: -1
|
||||||
|
hard: -1
|
||||||
|
volumes:
|
||||||
|
- /elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates
|
||||||
|
- /elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
|
||||||
|
- /elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
|
||||||
|
- /elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data
|
||||||
|
- /elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs
|
||||||
|
expose:
|
||||||
|
- "9200"
|
||||||
|
- "9300"
|
||||||
|
networks:
|
||||||
|
- opendmp-elastic-network
|
||||||
|
- opendmp-elastic-shared-network
|
||||||
|
healthcheck:
|
||||||
|
test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
# opendmp.logstash:
|
||||||
|
# volumes:
|
||||||
|
# - /elk/data-elk/logstash-log:/usr/share/logstash/logs
|
||||||
|
|
||||||
|
opendmp.kibana:
|
||||||
|
user: ${DEPLOY_USER}:${DEPLOY_USER}
|
||||||
|
restart: unless-stopped
|
||||||
|
cpus: 2
|
||||||
|
mem_limit: 1024m
|
||||||
|
environment:
|
||||||
|
- xpack.license.self_generated.type=basic
|
||||||
|
- xpack.security.enabled=true
|
||||||
|
volumes:
|
||||||
|
- /elk/config-elk/kibana/certificates:/usr/share/kibana/certificates
|
||||||
|
- /elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities
|
||||||
|
- /elk/config-elk/kibana/config:/usr/share/kibana/config:ro
|
||||||
|
expose:
|
||||||
|
- "5601"
|
||||||
|
networks:
|
||||||
|
- opendmp-elastic-network
|
||||||
|
|
||||||
|
# opendmp.filebeat:
|
||||||
|
|
||||||
|
|
||||||
|
############################## KEYCLOAK ###############################################
|
||||||
|
opendmp.keycloak:
|
||||||
|
restart: unless-stopped
|
||||||
|
command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"]
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 1024M
|
||||||
|
security_opt:
|
||||||
|
- seccomp:unconfined
|
||||||
|
env_file:
|
||||||
|
- /keycloak/keycloak.env
|
||||||
|
environment:
|
||||||
|
- JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
|
||||||
|
volumes:
|
||||||
|
- /logs/keycloak:/tmp/logs
|
||||||
|
- /keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json
|
||||||
|
- /keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro
|
||||||
|
- /keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro
|
||||||
|
expose:
|
||||||
|
- "8443"
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
- opendmp-keycloak-shared-network
|
||||||
|
|
||||||
|
############################## RABBITMQ ###############################################
|
||||||
|
opendmp.rabbitmq:
|
||||||
|
labels:
|
||||||
|
NAME: "rabbitmq"
|
||||||
|
cpus: 1
|
||||||
|
mem_limit: 512m
|
||||||
|
restart: unless-stopped
|
||||||
|
expose:
|
||||||
|
- "15672"
|
||||||
|
- "5672"
|
||||||
|
env_file:
|
||||||
|
- /rabbitmq/rabbitmq.env
|
||||||
|
# volumes:
|
||||||
|
# - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro
|
||||||
|
networks:
|
||||||
|
- opendmp-proxy-network
|
||||||
|
- opendmp-rabbitmq-shared-network
|
||||||
|
|
||||||
|
############################## GOTENBERG ##############################################
|
||||||
|
opendmo.gotenberg:
|
||||||
|
mem_limit: 2048m
|
||||||
|
restart: unless-stopped
|
||||||
|
expose:
|
||||||
|
- "3000"
|
||||||
|
hostname: gotenberg
|
||||||
|
env_file:
|
||||||
|
- /gotenberg/gotenberg.env
|
||||||
|
networks:
|
||||||
|
- opendmp-gotenberg-shared-network
|
||||||
|
|
||||||
|
networks:
|
||||||
|
opendmp-proxy-network:
|
||||||
|
opendmp-backend-network:
|
||||||
|
opendmp-plugins-network:
|
||||||
|
opendmp-keycloak-shared-network:
|
||||||
|
external:
|
||||||
|
name: opendmp-keycloak-shared-network
|
||||||
|
opendmp-gotenberg-shared-network:
|
||||||
|
external:
|
||||||
|
name: opendmp-gotenberg-shared-network
|
||||||
|
opendmp-rabbitmq-shared-network:
|
||||||
|
external:
|
||||||
|
name: opendmp-rabbitmq-shared-network
|
||||||
|
opendmp-elastic-shared-network:
|
||||||
|
external:
|
||||||
|
name: opendmp-elastic-shared-network
|
||||||
|
opendmp-postgres-shared-network:
|
||||||
|
external:
|
||||||
|
name: opendmp-postgres-shared-network
|
|
@ -0,0 +1,115 @@
|
||||||
|
version: "2.4"
|
||||||
|
|
||||||
|
services:
|
||||||
|
############################## PROXY ########################################
|
||||||
|
opendmp.proxy:
|
||||||
|
container_name: opendmp.proxy
|
||||||
|
image: nginx:${PROXY_TAG}
|
||||||
|
|
||||||
|
############################## OPENDMP APP #################################
|
||||||
|
|
||||||
|
opendmp.frontend:
|
||||||
|
container_name: opendmp.frontend
|
||||||
|
image: ${DOCKER_REGISTRY}open-dmp-webapp:${MAIN_APP_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.backend
|
||||||
|
- opendmp.notification
|
||||||
|
- opendmp.annotation
|
||||||
|
|
||||||
|
opendmp.backend:
|
||||||
|
container_name: opendmp.backend
|
||||||
|
image: ${DOCKER_REGISTRY}open-dmp-api:${MAIN_APP_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.postgres
|
||||||
|
|
||||||
|
opendmp.notification:
|
||||||
|
container_name: opendmp.notification
|
||||||
|
image: ${DOCKER_REGISTRY}open-dmp-notification-api:${NOTIFICATION_APP_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.postgres
|
||||||
|
|
||||||
|
opendmp.annotation:
|
||||||
|
container_name: opendmp.annotation
|
||||||
|
image: ${DOCKER_REGISTRY}open-dmp-annotation-api:${ANNOTATION_APP_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.postgres
|
||||||
|
|
||||||
|
############################## FILE-TRANSFORMERS #######################################
|
||||||
|
|
||||||
|
opendmp.file.transformer.docx:
|
||||||
|
container_name: opendmp.file.transformer.docx
|
||||||
|
image: ${DOCKER_REGISTRY}file-transformation-docx-api:${DOCX_APP_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.backend
|
||||||
|
|
||||||
|
opendmp.file.transformer.rdajson:
|
||||||
|
container_name: opendmp.file.transformer.rdajson
|
||||||
|
image: ${DOCKER_REGISTRY}file-transformation-rda-json-api:${JSON_APP_TAG}
|
||||||
|
depends_on:
|
||||||
|
- opendmp.backend
|
||||||
|
|
||||||
|
################################ ZENODO ###############################################
|
||||||
|
# opendmp.zenodo:
|
||||||
|
# container_name: opendmp.zenodo
|
||||||
|
# image: ${DOCKER_REGISTRY}repository-deposit-zenodo:${ZENODO_APP_TAG}
|
||||||
|
# depends_on:
|
||||||
|
# - opendmp.backend
|
||||||
|
|
||||||
|
############################## POSTGRES 16 ############################################
|
||||||
|
opendmp.postgres:
|
||||||
|
container_name: opendmp.postgres
|
||||||
|
image: postgres:${POSTGRES_TAG}
|
||||||
|
|
||||||
|
################################# ELK #################################################
|
||||||
|
opendmp.elasticsearch:
|
||||||
|
container_name: opendmp.elasticsearch
|
||||||
|
image: elasticsearch
|
||||||
|
build:
|
||||||
|
context: /elk/elasticsearch/
|
||||||
|
args:
|
||||||
|
ELK_VERSION: $ELK_VERSION
|
||||||
|
|
||||||
|
# opendmp.logstash:
|
||||||
|
# container_name: opendmp.logstash
|
||||||
|
# image: logstash
|
||||||
|
# build:
|
||||||
|
# context: /elk/logstash/
|
||||||
|
# args:
|
||||||
|
# ELK_VERSION: $ELK_VERSION
|
||||||
|
# depends_on:
|
||||||
|
# - opendmp.elasticsearch
|
||||||
|
|
||||||
|
opendmp.kibana:
|
||||||
|
container_name: opendmp.kibana
|
||||||
|
image: kibana
|
||||||
|
build:
|
||||||
|
context: /elk/kibana/
|
||||||
|
args:
|
||||||
|
ELK_VERSION: $ELK_VERSION
|
||||||
|
depends_on:
|
||||||
|
- opendmp.elasticsearch
|
||||||
|
|
||||||
|
# opendmp.filebeat:
|
||||||
|
# container_name: opendmp.filebeat
|
||||||
|
# image: filebeat
|
||||||
|
# build:
|
||||||
|
# context: /elk/filebeat/
|
||||||
|
# args:
|
||||||
|
# ELK_VERSION: $ELK_VERSION
|
||||||
|
# depends_on:
|
||||||
|
# - opendmp.logstash
|
||||||
|
|
||||||
|
############################## KEYCLOAK ###############################################
|
||||||
|
opendmp.keycloak:
|
||||||
|
container_name: opendmp.keycloak
|
||||||
|
image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG}
|
||||||
|
|
||||||
|
############################## RABBITMQ ###############################################
|
||||||
|
opendmp.rabbitmq:
|
||||||
|
container_name: opendmp.rabbitmq
|
||||||
|
image: rabbitmq:${RABBITMQ_TAG}
|
||||||
|
|
||||||
|
############################## GOTENBERG ##############################################
|
||||||
|
opendmp.gotenberg:
|
||||||
|
image: gotenberg/gotenberg:${GOTENBERG_TAG}
|
||||||
|
container_name: opendmp.gotenberg
|
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC3Ijv7bT86kta/
|
||||||
|
1wx0nMbtZvXF5Hfmt1n3087NcOi/JdjnSmF7JfTCXjzKQtOKrv2tLGkaXfrzerL+
|
||||||
|
yPBKuffTMk80vHSixmrH71IX0DriKNxnW6RNg1j3R3igVVsGTNdUbI26dc3RZpKR
|
||||||
|
gb7u/HqR1GTLD6EfrcL655aitCmywvyzLQ/x1BWZ3WjaMONT1DdU7I1GXhqv96be
|
||||||
|
Sbi2dQUdogNFGhiK9WwFrKJpeSERlOl6jPBqoYRZjBlgJ/DlmWhvlKwj91ilYeOd
|
||||||
|
ifsB9e7F9lwUbADsSGTOKKqBIX29ZcFkXwJshtm6CIQXWnvz+jl46mu5ScEU+iwr
|
||||||
|
mvILVUIJAgMBAAECggEAEgO3WEp9FYczwj/GfSMd62T9KLgKdmLTYg5PEcT5VDJG
|
||||||
|
JaxarflEHCmWe8P6mLIRiKstdJdJlBFeEbOU9ZjZEMiqY3LlW0y+3MeFMQv9+tjP
|
||||||
|
o4gvf6N7ySlZ65Wx5EsDRI4AHBcyBZb8NH2JmWszKGy29IWnUR0v6KwG1J752hhq
|
||||||
|
vTO9aMaz3MTstKTal0cDJRaTjPctzXVSyJSTeClNpl8mFDYbCUR/PPklZbAx9CyY
|
||||||
|
K6orDCUBGOH2wK85+l9uFaUWOcupKBhg99MKZTpX/6tIgqbCuBfN8FBk0LztJ/Uo
|
||||||
|
SZAHf5QIt6eTmcBtarlbsTV0TeJj5llVUGynHTBvQQKBgQC+ZTbTkbfHIgbVqDeU
|
||||||
|
YkBiKul4M8xzIOsogNtZVevL7R2KSco1TUmcY7SDq8flshtZJb6utXUXCUprNsZl
|
||||||
|
OOM7QpXxfnYKTjv39NTM4eCCzvMcDpBRmBQmQkka+2NbAxMTy91T709EAiqgia+m
|
||||||
|
tszU93IGIle9abv9Fo1giw/lqQKBgQD2PHhwtmVT3B/H/ywtadCmyfHm+kHi8IWR
|
||||||
|
y//EvLjDgI+SzwIgM2ABLAkKqg1VXkgZ741AxaQkkcP+NgJ2saY0cJCKBr/SPyRe
|
||||||
|
jTfbWWfH89Mf3EVl2fxkG3YL1EJu+boup3l9L1rGpK9japAIMNOXh8S4A5WCOZLr
|
||||||
|
Hk6FuTF1YQKBgEr8K9qpcjrQMObm6HTdOUQwaGD57ZSOK295SGpnx4U6Lr8vDp9t
|
||||||
|
gAdC0W5mMkVJnzG+BtpiBup6sz+EhCCLhhrpv4or5ytp4n5mg4TplPWPsfmj1rz7
|
||||||
|
6zuiMY6Z4WiPzmymhtWu04YSYF13vKEpL4TUq6i0z99+jBZCUo3qVul5AoGAcYNG
|
||||||
|
8o7i/1nGvOgBcZ4KNhl6jsRngzrmGGQ2sHdfpaCqjz8m97k3VNL8CBKEuwoPqwUn
|
||||||
|
1OhH1yPrelFjqVwUBrCtsTOTUlURaxUm3tPEaAUbGuDsjRuEopGWRbXAOnCdR8yk
|
||||||
|
0PT3oANjZy1E4MHBiWVpZnsgfTwVYpZCFJtfFYECgYBkyF06DC0DhZZ0AEZpJHxf
|
||||||
|
xbP/1gq7KlBzR6WSSRzPxX/3VOdBuGs7qYP1orDEF9wG/0Jk35Ek+PcT97j6s0gE
|
||||||
|
a4Zd8iYpSdgd36L+5uBxgRsavr/Xf4lQECRTQYfKUVhKhhCT1xjOUAAr52Vl+8V/
|
||||||
|
5sIcUBUzbXDpZvyR/67pxQ==
|
||||||
|
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDcTCCAlmgAwIBAgIUE5s/YTgomqob7mc88HmQUn/sHkswDQYJKoZIhvcNAQEL
|
||||||
|
BQAwRzELMAkGA1UEBhMCR1IxDTALBgNVBAgMBENJVEUxDDAKBgNVBAcMA0FUSDEN
|
||||||
|
MAsGA1UECgwEQ0lURTEMMAoGA1UEAwwDZWxrMCAXDTIyMDkwODA3Mzg0NFoYDzIx
|
||||||
|
MjIwODE1MDczODQ0WjBHMQswCQYDVQQGEwJHUjENMAsGA1UECAwEQ0lURTEMMAoG
|
||||||
|
A1UEBwwDQVRIMQ0wCwYDVQQKDARDSVRFMQwwCgYDVQQDDANlbGswggEiMA0GCSqG
|
||||||
|
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Ijv7bT86kta/1wx0nMbtZvXF5Hfmt1n3
|
||||||
|
087NcOi/JdjnSmF7JfTCXjzKQtOKrv2tLGkaXfrzerL+yPBKuffTMk80vHSixmrH
|
||||||
|
71IX0DriKNxnW6RNg1j3R3igVVsGTNdUbI26dc3RZpKRgb7u/HqR1GTLD6EfrcL6
|
||||||
|
55aitCmywvyzLQ/x1BWZ3WjaMONT1DdU7I1GXhqv96beSbi2dQUdogNFGhiK9WwF
|
||||||
|
rKJpeSERlOl6jPBqoYRZjBlgJ/DlmWhvlKwj91ilYeOdifsB9e7F9lwUbADsSGTO
|
||||||
|
KKqBIX29ZcFkXwJshtm6CIQXWnvz+jl46mu5ScEU+iwrmvILVUIJAgMBAAGjUzBR
|
||||||
|
MB0GA1UdDgQWBBQSAI1g3+gAsT5BHVfaWPlNFy9IgjAfBgNVHSMEGDAWgBQSAI1g
|
||||||
|
3+gAsT5BHVfaWPlNFy9IgjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
|
||||||
|
A4IBAQCmR4cz47QtGX1xn2Rrl1NdLX2wiS2y7P4xRGzKeAYZIHLZWW/GaJDb+yw9
|
||||||
|
Cz9qjhuBhGqfIeh8QryRgPotd64Oef0MscC+oFfprWxQA0svP83sITr9BazGb4A4
|
||||||
|
LcIToVHZtIMnak119k1RsNYpzADDBxnaaODs3xCe21dfCVI/ea+wSPiUY3vvZZDn
|
||||||
|
KejJclhRnQFV3yQ7hMdR9tq0BndWtqHrappa3oX2JU1yi/x3Ndi6dOMk+x7+kc4Q
|
||||||
|
OAtzcXa29kowAyLUMHhGYwcsJp8ysa6Xlltqt/kkI+3CgbTl/egUU9igysMKDyMM
|
||||||
|
0LQcef+IQwmeHfD1RAW2ksW2OOx5
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDXDCCAkSgAwIBAgIUK8FEbNAIdyPoRF/pTyqNuL3kP54wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwRzELMAkGA1UEBhMCR1IxDTALBgNVBAgMBENJVEUxDDAKBgNVBAcMA0FUSDEN
|
||||||
|
MAsGA1UECgwEQ0lURTEMMAoGA1UEAwwDZWxrMCAXDTIyMDkwODA4MjgxM1oYDzIx
|
||||||
|
MjIwODE1MDgyODEzWjAYMRYwFAYDVQQDDA1lbGFzdGljc2VhcmNoMIIBIjANBgkq
|
||||||
|
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC6DoPC1kesTH0cKs1blVW8ddsQ3VmFO
|
||||||
|
ROJiUorhDIHB3sXJhCSw0hxZFNZtqgG35CTa5w3XiQMT1fr6Ar/ztOQmARg9CMQa
|
||||||
|
mOf8gR+tMTSwP7zr7WBR/1Q+GseeOnthFOfvfq7LLpRs8VNb/mhcSIjJsT9kMNXN
|
||||||
|
5iHIyEuGhQSwPZDUYx+6Ag4belQLvic+QYDhwvujtPFWj8qLSG7kTpbBK5ahH/5E
|
||||||
|
mvT5mpOYTR10f3LG4DKw7t6qG9tzh4WkwR0JYmlgxpAA/HBSa/QjS7CGxLrA4Sop
|
||||||
|
gQF8KQPEP/0w98EbYpBUPS5jqbkBr6093M7Epksi86oRjtbcXAT0qwIDAQABo20w
|
||||||
|
azApBgNVHREEIjAggg1lbGFzdGljc2VhcmNogglsb2NhbGhvc3SHBH8AAAEwHQYD
|
||||||
|
VR0OBBYEFC/cKMOAVbx8bwyoKdg2Oiej9xoSMB8GA1UdIwQYMBaAFBIAjWDf6ACx
|
||||||
|
PkEdV9pY+U0XL0iCMA0GCSqGSIb3DQEBCwUAA4IBAQBo42FOuxIMeIiMaKa347gc
|
||||||
|
WsHpkazYOA6iHK5xXPsVUU1xSCLKp5HLCC04FU5P9njCDyZo1e/SR6rirQJJHEtT
|
||||||
|
SAn7iabREE+vy0oN3JnyV+eJPmKWxlqeFr9Cs9uIXQbgjwyyj9rxT06eLr3M1MA1
|
||||||
|
IsARV2eyxcgS5sCC8JBCEpKR4jLRrpAs0tGJOeIh1cmf/1id+NQaDa14sLFKHBH1
|
||||||
|
3+6TfBPrhJoGqFz92jV2airr7dppyCXgmWymVc66iD00Nak6Bvchg6ARTkqJnfoZ
|
||||||
|
2/Tz7asHV2V052ZLiow7Si34nS/9Hp8F8vUaj+FYXowvGwQUXLQIg/53KXh7piuW
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgLoOg8LWR6xMf
|
||||||
|
RwqzVuVVbx12xDdWYU5E4mJSiuEMgcHexcmEJLDSHFkU1m2qAbfkJNrnDdeJAxPV
|
||||||
|
+voCv/O05CYBGD0IxBqY5/yBH60xNLA/vOvtYFH/VD4ax546e2EU5+9+rssulGzx
|
||||||
|
U1v+aFxIiMmxP2Qw1c3mIcjIS4aFBLA9kNRjH7oCDht6VAu+Jz5BgOHC+6O08VaP
|
||||||
|
yotIbuROlsErlqEf/kSa9Pmak5hNHXR/csbgMrDu3qob23OHhaTBHQliaWDGkAD8
|
||||||
|
cFJr9CNLsIbEusDhKimBAXwpA8Q//TD3wRtikFQ9LmOpuQGvrT3czsSmSyLzqhGO
|
||||||
|
1txcBPSrAgMBAAECggEAJdOmMPj3H9zgGKhJrh1Mrha94gCnQsZa2eiOKIj0aWQx
|
||||||
|
GL8jfgm+Gfgoz0NuBVI/j2hmq1648fmgkw0gQkr7LdIc6XBEZZAN6eMK3aFR4Idd
|
||||||
|
QcgG/PkclAvcWK2gP5ZIUEwPYh68C6VwbrLtTBBwDo8C9lEOg3vSElETHb28KCgZ
|
||||||
|
sC0wLres01crLF0Azh+m3cx+p/6TBLfpBIrM0HQn1Lmn/dP6BKcRDoncE+GcKjE1
|
||||||
|
JZcgypdC4Juq2WctMNbBvgt+7AjVB1n9ejrUN5rlK+JP3Xa7D4zvc79CDX+BP2C2
|
||||||
|
X57ZT4Pff5mPF70zrlqGQNnBep09UxZTRnHDRMWzZQKBgQDfMT+G+x49TZYuaiQC
|
||||||
|
gKguQ0k8F6nnrmz0rz2MNJiZ9oTYAtz5wRQ25KkbqTc7beKecSykp5izoluzgSJu
|
||||||
|
dTFh11SO1i63kMzpFFyBui3rSoUjAq+sMzRY5ERyUsG90tsaAl2a9PT3M9b5a0XC
|
||||||
|
8f1cDhKt+JQtaYRiZZJsC4Ru1wKBgQC3uirv92/dq1RcuWBf/yt2n6/JY9+9k1NI
|
||||||
|
vDzQtVI0Q3OZfRX9Rn9/+h3fSXTG3w7p5FqfNguHYPbLNzO+6WxxeuDveAL3Nx4/
|
||||||
|
HSURjbiK+ppYDwyeY4IgKgeq2mRrIZC4rSqEsrJMLnNiDRYaVTWZczqGLT5oZ5cT
|
||||||
|
lBLDD6+STQKBgDhi68bBOIGKUW/GdvR+5n5Rl3XsEIusoHAsuaLrQsZa5nLgPk2G
|
||||||
|
vwGjQSnw1ThZaZBXzUyH3uc7FGnELRu01dX/Hai8aa8MkQgtkbVggOtZt0sCCbm6
|
||||||
|
cfYnLTeourOnSp1GjblxO1YcranztPssQbL5BzUWgPD8IGrveE99lWafAoGAG6q4
|
||||||
|
PoynVt0vBguQXMRjOijP4ubcUYL2/rQCAHfdmisyJEH25r4QAyiaCP7Zy/zZFRWj
|
||||||
|
I+iSkd9jKrT0YOJrxyb26njLEYlGT8DGzT7nNF6KkYoqn0ti1A8gOnVKu+tBDN5e
|
||||||
|
0b7LJLe1/mT0GCEOwj3c6Um05Sn8USFyNdeN290CgYBSdmwqJYUGJXVGTCn2Ff4Z
|
||||||
|
jdFtN/Q9kFDhCCYVV1XAJ5mdX4k77HIw5EAlDXM0EZnhQAec+RSKIO7Oc+9krmFq
|
||||||
|
R1lCT/s7UDsitQBDmkQs+12PEILuk+Qbdan+CwTLwCik06vj+VzZhHylFoOMJLdm
|
||||||
|
lf4Bnd2TNNykAsd2jy5cAg==
|
||||||
|
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,12 @@
|
||||||
|
[ req ]
|
||||||
|
default_bits = 2048
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
req_extensions = req_ext
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
commonName = elasticsearch
|
||||||
|
[ req_ext ]
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
[alt_names]
|
||||||
|
DNS.1 = elasticsearch
|
||||||
|
DNS.2 = localhost
|
||||||
|
IP.1 = 127.0.0.1
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
## Default Elasticsearch configuration from elasticsearch-docker.
|
||||||
|
## from https://github.com/elastic/elasticsearch-docker/blob/master/build/elasticsearch/elasticsearch.yml
|
||||||
|
#
|
||||||
|
network.host: 0.0.0.0
|
||||||
|
|
||||||
|
# minimum_master_nodes need to be explicitly set when bound on a public IP
|
||||||
|
# set to 1 to allow single node clusters
|
||||||
|
# Details: https://github.com/elastic/elasticsearch/pull/17288
|
||||||
|
# discovery.zen.minimum_master_nodes: 1
|
||||||
|
|
||||||
|
## Use single node discovery in order to disable production mode and avoid bootstrap checks
|
||||||
|
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
|
||||||
|
#
|
||||||
|
discovery.type: single-node
|
||||||
|
## Search Guard
|
||||||
|
#
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,179 @@
|
||||||
|
#https://github.com/elastic/elasticsearch/blob/7.4/distribution/src/config/log4j2.properties
|
||||||
|
|
||||||
|
status = error
|
||||||
|
|
||||||
|
# log action execution errors for easier debugging
|
||||||
|
logger.action.name = org.elasticsearch.action
|
||||||
|
logger.action.level = debug
|
||||||
|
|
||||||
|
appender.console.type = Console
|
||||||
|
appender.console.name = console
|
||||||
|
appender.console.layout.type = PatternLayout
|
||||||
|
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
|
||||||
|
|
||||||
|
######## Server JSON ############################
|
||||||
|
appender.rolling.type = RollingFile
|
||||||
|
appender.rolling.name = rolling
|
||||||
|
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
|
||||||
|
appender.rolling.layout.type = ESJsonLayout
|
||||||
|
appender.rolling.layout.type_name = server
|
||||||
|
|
||||||
|
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
|
||||||
|
appender.rolling.policies.type = Policies
|
||||||
|
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
|
||||||
|
appender.rolling.policies.time.interval = 1
|
||||||
|
appender.rolling.policies.time.modulate = true
|
||||||
|
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.rolling.policies.size.size = 128MB
|
||||||
|
appender.rolling.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.rolling.strategy.fileIndex = nomax
|
||||||
|
appender.rolling.strategy.action.type = Delete
|
||||||
|
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
|
||||||
|
appender.rolling.strategy.action.condition.type = IfFileName
|
||||||
|
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
|
||||||
|
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
|
||||||
|
appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
|
||||||
|
################################################
|
||||||
|
######## Server - old style pattern ###########
|
||||||
|
appender.rolling_old.type = RollingFile
|
||||||
|
appender.rolling_old.name = rolling_old
|
||||||
|
appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
|
||||||
|
appender.rolling_old.layout.type = PatternLayout
|
||||||
|
appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
|
||||||
|
|
||||||
|
appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
|
||||||
|
appender.rolling_old.policies.type = Policies
|
||||||
|
appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy
|
||||||
|
appender.rolling_old.policies.time.interval = 1
|
||||||
|
appender.rolling_old.policies.time.modulate = true
|
||||||
|
appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.rolling_old.policies.size.size = 128MB
|
||||||
|
appender.rolling_old.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.rolling_old.strategy.fileIndex = nomax
|
||||||
|
appender.rolling_old.strategy.action.type = Delete
|
||||||
|
appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path}
|
||||||
|
appender.rolling_old.strategy.action.condition.type = IfFileName
|
||||||
|
appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
|
||||||
|
appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
|
||||||
|
appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB
|
||||||
|
################################################
|
||||||
|
|
||||||
|
rootLogger.level = info
|
||||||
|
rootLogger.appenderRef.console.ref = console
|
||||||
|
rootLogger.appenderRef.rolling.ref = rolling
|
||||||
|
rootLogger.appenderRef.rolling_old.ref = rolling_old
|
||||||
|
|
||||||
|
######## Deprecation JSON #######################
|
||||||
|
appender.deprecation_rolling.type = RollingFile
|
||||||
|
appender.deprecation_rolling.name = deprecation_rolling
|
||||||
|
appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json
|
||||||
|
appender.deprecation_rolling.layout.type = ESJsonLayout
|
||||||
|
appender.deprecation_rolling.layout.type_name = deprecation
|
||||||
|
appender.deprecation_rolling.layout.esmessagefields=x-opaque-id
|
||||||
|
|
||||||
|
appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz
|
||||||
|
appender.deprecation_rolling.policies.type = Policies
|
||||||
|
appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.deprecation_rolling.policies.size.size = 1GB
|
||||||
|
appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.deprecation_rolling.strategy.max = 4
|
||||||
|
#################################################
|
||||||
|
######## Deprecation - old style pattern #######
|
||||||
|
appender.deprecation_rolling_old.type = RollingFile
|
||||||
|
appender.deprecation_rolling_old.name = deprecation_rolling_old
|
||||||
|
appender.deprecation_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log
|
||||||
|
appender.deprecation_rolling_old.layout.type = PatternLayout
|
||||||
|
appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
|
||||||
|
|
||||||
|
appender.deprecation_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_deprecation-%i.log.gz
|
||||||
|
appender.deprecation_rolling_old.policies.type = Policies
|
||||||
|
appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.deprecation_rolling_old.policies.size.size = 1GB
|
||||||
|
appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.deprecation_rolling_old.strategy.max = 4
|
||||||
|
#################################################
|
||||||
|
logger.deprecation.name = org.elasticsearch.deprecation
|
||||||
|
logger.deprecation.level = warn
|
||||||
|
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
|
||||||
|
logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old
|
||||||
|
logger.deprecation.additivity = false
|
||||||
|
|
||||||
|
######## Search slowlog JSON ####################
|
||||||
|
appender.index_search_slowlog_rolling.type = RollingFile
|
||||||
|
appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
|
||||||
|
appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\
|
||||||
|
.cluster_name}_index_search_slowlog.json
|
||||||
|
appender.index_search_slowlog_rolling.layout.type = ESJsonLayout
|
||||||
|
appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog
|
||||||
|
appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id
|
||||||
|
|
||||||
|
appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\
|
||||||
|
.cluster_name}_index_search_slowlog-%i.json.gz
|
||||||
|
appender.index_search_slowlog_rolling.policies.type = Policies
|
||||||
|
appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.index_search_slowlog_rolling.policies.size.size = 1GB
|
||||||
|
appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.index_search_slowlog_rolling.strategy.max = 4
|
||||||
|
#################################################
|
||||||
|
######## Search slowlog - old style pattern ####
|
||||||
|
appender.index_search_slowlog_rolling_old.type = RollingFile
|
||||||
|
appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old
|
||||||
|
appender.index_search_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_index_search_slowlog.log
|
||||||
|
appender.index_search_slowlog_rolling_old.layout.type = PatternLayout
|
||||||
|
appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
|
||||||
|
|
||||||
|
appender.index_search_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_index_search_slowlog-%i.log.gz
|
||||||
|
appender.index_search_slowlog_rolling_old.policies.type = Policies
|
||||||
|
appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.index_search_slowlog_rolling_old.policies.size.size = 1GB
|
||||||
|
appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.index_search_slowlog_rolling_old.strategy.max = 4
|
||||||
|
#################################################
|
||||||
|
logger.index_search_slowlog_rolling.name = index.search.slowlog
|
||||||
|
logger.index_search_slowlog_rolling.level = trace
|
||||||
|
logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
|
||||||
|
logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old
|
||||||
|
logger.index_search_slowlog_rolling.additivity = false
|
||||||
|
|
||||||
|
######## Indexing slowlog JSON ##################
|
||||||
|
appender.index_indexing_slowlog_rolling.type = RollingFile
|
||||||
|
appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
|
||||||
|
appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_index_indexing_slowlog.json
|
||||||
|
appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout
|
||||||
|
appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog
|
||||||
|
appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source
|
||||||
|
|
||||||
|
appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_index_indexing_slowlog-%i.json.gz
|
||||||
|
appender.index_indexing_slowlog_rolling.policies.type = Policies
|
||||||
|
appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.index_indexing_slowlog_rolling.policies.size.size = 1GB
|
||||||
|
appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.index_indexing_slowlog_rolling.strategy.max = 4
|
||||||
|
#################################################
|
||||||
|
######## Indexing slowlog - old style pattern ##
|
||||||
|
appender.index_indexing_slowlog_rolling_old.type = RollingFile
|
||||||
|
appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old
|
||||||
|
appender.index_indexing_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_index_indexing_slowlog.log
|
||||||
|
appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout
|
||||||
|
appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
|
||||||
|
|
||||||
|
appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\
|
||||||
|
_index_indexing_slowlog-%i.log.gz
|
||||||
|
appender.index_indexing_slowlog_rolling_old.policies.type = Policies
|
||||||
|
appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
|
||||||
|
appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB
|
||||||
|
appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
|
||||||
|
appender.index_indexing_slowlog_rolling_old.strategy.max = 4
|
||||||
|
#################################################
|
||||||
|
|
||||||
|
logger.index_indexing_slowlog.name = index.indexing.slowlog.index
|
||||||
|
logger.index_indexing_slowlog.level = trace
|
||||||
|
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
|
||||||
|
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old
|
||||||
|
logger.index_indexing_slowlog.additivity = false
|
|
@ -0,0 +1,16 @@
|
||||||
|
cluster.name=opendmp-cluster
|
||||||
|
bootstrap.memory_lock=true
|
||||||
|
xpack.license.self_generated.type=basic
|
||||||
|
xpack.monitoring.collection.enabled=true
|
||||||
|
xpack.ml.enabled=false
|
||||||
|
xpack.security.enabled=true
|
||||||
|
xpack.security.http.ssl.enabled=true
|
||||||
|
xpack.security.http.ssl.verification_mode=certificate
|
||||||
|
xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
|
||||||
|
xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
|
||||||
|
xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
|
||||||
|
xpack.security.transport.ssl.enabled=true
|
||||||
|
xpack.security.transport.ssl.verification_mode=certificate
|
||||||
|
xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
|
||||||
|
xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
|
||||||
|
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
|
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDSTCCAjGgAwIBAgIUXMpiJCPQnPeOHA1FjYo12FaHO1UwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
||||||
|
cmF0ZWQgQ0EwHhcNMTkwOTAzMTUyMDM1WhcNMjIwOTAyMTUyMDM1WjA0MTIwMAYD
|
||||||
|
VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
|
||||||
|
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI1ci/DoagopzxemkP21UmnP
|
||||||
|
wv2Yoo267y6CR/okrT3a0lARDjPl28YaNsEQ2skAnPu3gNqqDWW9j1aWEtWwNuEA
|
||||||
|
PudVCdc6irgFEbPlwU6Dh05LVB99FCw70UKM5G4CSH7gMQvzPcvjJT4ROKoDCh3W
|
||||||
|
I+pWYqhqU9xEiMzwsPdC2uy2Om2I0bZ2A03WmMr8Ts58qmBqVOMBLIY008jFetj7
|
||||||
|
ZH67WDT92pqfG9/xRKH9ELdZNlNw/2fSTb4KBek06MZIzPkHk0iMhw7bMLwEYyDy
|
||||||
|
J14Rym4Up9akgr8J6XwyACek5oht1lQlJjYhUuf2ZSzVJ54LhYoTGg1ybYT9qx8C
|
||||||
|
AwEAAaNTMFEwHQYDVR0OBBYEFAxdsx3VcEsMaPWe7GvbyHOEnftTMB8GA1UdIwQY
|
||||||
|
MBaAFAxdsx3VcEsMaPWe7GvbyHOEnftTMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
|
||||||
|
hvcNAQELBQADggEBADltg11WpSg0tYVXrAowySy68CkcK9t/XYioeRYRAvfSD5mB
|
||||||
|
ONMFegqwJVqUzu6HbxkhpVBf/JykGqSkf0Cu5BRUYT7A+egpDNAPAIa1/SbSchjP
|
||||||
|
mbFMbpLRXFfP60xqgVem0C5wKcMEFFg+0YRDkSf/232aCwb0sS63V52ssmnEDN6v
|
||||||
|
k4Cn2k/MZjAi/seWNnphaTyU71Eu3ObftIpOGc4ZJ875KiUZQtCXrP36QICUdFAM
|
||||||
|
ay+z2gEVQQE2zKbtaEeE0Sxyas9eRnGHXzbx/yoz706lME9QmzPmcvfVlHQH8N/o
|
||||||
|
2nU+I07j6TDoHn/WRIgbWR0jrWv0hlTqzxOyCDM=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDUjCCAjqgAwIBAgIUKTnOSL0Rtnm8ZQkfSUvpQiBNGnMwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
||||||
|
cmF0ZWQgQ0EwHhcNMTkwOTAzMTUyMDM1WhcNMjIwOTAyMTUyMDM1WjAYMRYwFAYD
|
||||||
|
VQQDEw1lbGFzdGljc2VhcmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
||||||
|
AQEAkB1OMRBRUDUxQ6fIv5gv0myKDZgVJFnEEjIjU6YjMpf/htTsvu8zdpBoWhg6
|
||||||
|
7IsflSkUPynDG4geFjQ/WtxVeqxjnmtIB2fMDAHppX882as3tYjBlHj1sU0/OwwI
|
||||||
|
Ga5/OtxOubGswrzCEEjIgZwTtSX2Yzx3tE2UzwjWsYwGCBM/ssN8Wc1vlqq20+Qr
|
||||||
|
Lsggk+dXapN2wL9FABrxrJfV2SxXb2qKLKVd3EIfs+HVqIt9dVrpcFRV3Lwexg+Z
|
||||||
|
wlJv58EPsynphczssBhMOhlmVqpRY8z88fqsbqDVdqHIF8hqn7czWFqeCRldnb7W
|
||||||
|
LWaYaOG0Jd6SM7OpHnfNgBST4wIDAQABo3gwdjAdBgNVHQ4EFgQUCkDAcWSJ6H2G
|
||||||
|
UFFh9dhk+mG0L08wHwYDVR0jBBgwFoAUDF2zHdVwSwxo9Z7sa9vIc4Sd+1MwKQYD
|
||||||
|
VR0RBCIwIIIJbG9jYWxob3N0hwR/AAABgg1lbGFzdGljc2VhcmNoMAkGA1UdEwQC
|
||||||
|
MAAwDQYJKoZIhvcNAQELBQADggEBAAQpkdkGl2H0ylgbmmNiIlrQX+U2i4ag4sJ6
|
||||||
|
xsVR5OWxuyB/aMWhuOHkgueMh2wElufn60jK0Mh25b2U7oO/0Nq+28rhhP9HURLz
|
||||||
|
7/TwCbLcglTAgHQPWItwn5r5WKDFNCPNpZXFU/oG5H6hUJqTvuaTN6G/PQ6V9Yp3
|
||||||
|
J00NbPuFq8tjNAc/kQnhC7zdC/7YQ/fanHBPkvQnkGbac5+VAF/se/JYbxRpSz23
|
||||||
|
5a+v6BDb/kjs82QgV8dzsyFmntO+Neesu9tTJurBbQD5T3xMgoGSWLgnTCq3/drl
|
||||||
|
PMBLgUQHik629dU+7o8ePCdyULruGMR6CIBqO7ZKQASulhkxdUo=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpQIBAAKCAQEAkB1OMRBRUDUxQ6fIv5gv0myKDZgVJFnEEjIjU6YjMpf/htTs
|
||||||
|
vu8zdpBoWhg67IsflSkUPynDG4geFjQ/WtxVeqxjnmtIB2fMDAHppX882as3tYjB
|
||||||
|
lHj1sU0/OwwIGa5/OtxOubGswrzCEEjIgZwTtSX2Yzx3tE2UzwjWsYwGCBM/ssN8
|
||||||
|
Wc1vlqq20+QrLsggk+dXapN2wL9FABrxrJfV2SxXb2qKLKVd3EIfs+HVqIt9dVrp
|
||||||
|
cFRV3Lwexg+ZwlJv58EPsynphczssBhMOhlmVqpRY8z88fqsbqDVdqHIF8hqn7cz
|
||||||
|
WFqeCRldnb7WLWaYaOG0Jd6SM7OpHnfNgBST4wIDAQABAoIBACRGPBg9czotKWlO
|
||||||
|
IkmXlPHyQA2L6kZsEd5CoIG9n75sY/UcQzsMGngNgTasQqinnBt/a4k6idG0QV51
|
||||||
|
aD0GmL14BtspRcgXaFTdZmIx1K81WaBn+9HTYIRwXSoPrTpJody+91HmVwXtXSuc
|
||||||
|
Jlv5XTyLgakY30iS/pHeN6wZAqulS7p6DkCH+W3c15BvNYnsjDX5vYZLgmktNl62
|
||||||
|
LoHymTt54rLhxheZiwFeiHePsl9IanvnDEjCl2jBFnFB402NeapTex84ZnOgPYEV
|
||||||
|
5w81MUYMeLy1aaziWEICPP1TU62T2oYKUFC1kQKUgCYp3t1UUkLsF6KfybJ+baMs
|
||||||
|
+Nm5IQECgYEAzy4kQ9wo2x+3teQgMR+QLIN2cgfDCgI1BXUzhIr607kpo6F12Jf0
|
||||||
|
zT5sC+9OzSPh3dPkyvnWtg2K3ld3L+ATqGvpWC42OgSI0HK6rnfL8Q3cYld8KLwn
|
||||||
|
C8lbSQuDFo+hMJoGU7V+QTXM8j1e+2KoxgwGfceeiwql5GpqqcHFSJkCgYEAshLP
|
||||||
|
QYOBaimhOlY1m1B9YgXrgNKoj66njhHJLTD9rD4BvMsntGo8UaBrZxpcQKaDO778
|
||||||
|
UtuRPM8Pfrg2Q2fR6SHAydoQpiGQ0XrkUXNmh3v9YOBlFzdg1PhKSCRZRv75KjnC
|
||||||
|
Z4jyL8GVYMhB+vWl/bQJO5o5YYHR7OdJCs8p4dsCgYEAnTQl0Ff9qEco3pt60cth
|
||||||
|
WmVmOqApHi8OjFWiAbBzIrQdJEwfX3nuBs6WrXeoE4BmoitmL53jjcA43vz/MxST
|
||||||
|
1fgL1x05iExog8KKZFgCJ6ac0wIO89nQxuDCo2pYzYWuiXJV2q6cXl60ZBqtN5Jk
|
||||||
|
/eGiC06svlQWDHuy85xUVgECgYEAm8jk1FWtxCiDSjvdTfEOn9C6BMtGd9y97QYW
|
||||||
|
T5jKdAMTFg1MwQMnnemPzHU9O7nwmTYuHHbGCsLCtYOGxVVwSFolBPHnGs/Gl9zB
|
||||||
|
HZitm92W/0eQaM0jw20r3w0dpYSuiohZUKZ36dubST4oqtp4ywjUAvabOHiQJIb6
|
||||||
|
WaB+7X0CgYEAptNxensUEn+hSKfMVCxS36U1QL2njRfGiCfqVHVOKeu6+oLB4N/N
|
||||||
|
0mZngesMGV1HxzYivwkXW07U0drgfqv+iHBIF5HYRM6PkFNpop6PJAlVpFaATx0s
|
||||||
|
tDvtrcmgz3hunhHURvr/VlXcGuYo4mpySPhHDTeF6Ad/9Ml16vO7uW0=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
## Default Kibana configuration from kibana-docker.
|
||||||
|
## from https://github.com/elastic/kibana-docker/blob/master/build/kibana/config/kibana.yml
|
||||||
|
#
|
||||||
|
server.name: opendmp.kibana
|
||||||
|
server.host: "0.0.0.0"
|
||||||
|
## Custom configuration
|
||||||
|
elasticsearch.hosts: [ "https://opendmp.elasticsearch:9200" ]
|
||||||
|
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/certificate_authorities/ca.crt" ]
|
||||||
|
|
||||||
|
elasticsearch.username: "kibana"
|
||||||
|
elasticsearch.password: "2VzNck1n3uCed9d27wHn"
|
||||||
|
server.ssl.enabled: false
|
||||||
|
server.ssl.key: "/usr/share/kibana/certificates/kibana.key"
|
||||||
|
server.ssl.certificate: "/usr/share/kibana/certificates/kibana.crt"
|
|
@ -0,0 +1,18 @@
|
||||||
|
ARG ELK_VERSION
|
||||||
|
ARG DEPLOY_USER
|
||||||
|
|
||||||
|
# https://github.com/elastic/elasticsearch-docker
|
||||||
|
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
|
||||||
|
|
||||||
|
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \
|
||||||
|
/usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic
|
||||||
|
USER root
|
||||||
|
RUN groupmod -g ${DEPLOY_USER} elasticsearch
|
||||||
|
RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch
|
||||||
|
RUN chown -R elasticsearch /usr/share/elasticsearch
|
||||||
|
RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \
|
||||||
|
-e 's/UID 1000/UID ${DEPLOY_USER}/' \
|
||||||
|
-e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh
|
||||||
|
RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh
|
||||||
|
|
||||||
|
ENV JAVA_HOME /usr/share/elasticsearch/jdk
|
|
@ -0,0 +1,14 @@
|
||||||
|
ARG ELK_VERSION
|
||||||
|
|
||||||
|
FROM docker.elastic.co/beats/filebeat:${ELK_VERSION}
|
||||||
|
|
||||||
|
USER root
|
||||||
|
RUN groupmod -g 1008 filebeat
|
||||||
|
RUN usermod -u 1008 -g 1008 filebeat
|
||||||
|
RUN chown -R filebeat /usr/share/filebeat
|
||||||
|
RUN sed -i -e 's/--userspec=1000/--userspec=1008/g' \
|
||||||
|
-e 's/UID 1000/UID 1008/' \
|
||||||
|
-e 's/chown -R 1000/chown -R 1008/' /usr/local/bin/docker-entrypoint
|
||||||
|
RUN chown filebeat /usr/local/bin/docker-entrypoint
|
||||||
|
|
||||||
|
USER 1008:1008
|
|
@ -0,0 +1,14 @@
|
||||||
|
ARG ELK_VERSION
|
||||||
|
|
||||||
|
# https://github.com/elastic/kibana-docker
|
||||||
|
FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
|
||||||
|
|
||||||
|
USER root
|
||||||
|
RUN groupmod -g 1008 kibana
|
||||||
|
RUN usermod -u 1008 -g 1008 kibana
|
||||||
|
RUN chown -R kibana /usr/share/kibana
|
||||||
|
|
||||||
|
USER 1008:1008
|
||||||
|
|
||||||
|
# Add your kibana plugins setup here
|
||||||
|
# Example: RUN kibana-plugin install <name|url>
|
|
@ -0,0 +1,19 @@
|
||||||
|
ARG ELK_VERSION
|
||||||
|
|
||||||
|
# https://github.com/elastic/logstash-docker
|
||||||
|
FROM docker.elastic.co/logstash/logstash:${ELK_VERSION}
|
||||||
|
|
||||||
|
USER root
|
||||||
|
RUN groupmod -g 1008 logstash
|
||||||
|
RUN usermod -u 1008 -g 1008 logstash
|
||||||
|
RUN chown -R logstash /usr/share/logstash
|
||||||
|
RUN sed -i -e 's/--userspec=1000/--userspec=1008/g' \
|
||||||
|
-e 's/UID 1000/UID 1008/' \
|
||||||
|
-e 's/chown -R 1000/chown -R 1008/' /usr/local/bin/docker-entrypoint
|
||||||
|
RUN chown logstash /usr/local/bin/docker-entrypoint
|
||||||
|
|
||||||
|
USER 1008:1008
|
||||||
|
|
||||||
|
# Add your logstash plugins setup here
|
||||||
|
# Example: RUN logstash-plugin install logstash-filter-json
|
||||||
|
RUN logstash-plugin update logstash-input-beats
|
|
@ -0,0 +1,4 @@
|
||||||
|
DEFAULT_WAIT_TIMEOUT=40
|
||||||
|
MAXIMUM_WAIT_DELAY=40
|
||||||
|
MAXIMUM_WAIT_TIMEOUT=40
|
||||||
|
DISABLE_GOOGLE_CHROME=1
|
|
@ -0,0 +1,23 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDvzCCAqegAwIBAgIUL9YHiVgQxrFPSGq4nMe6KbMznaowDQYJKoZIhvcNAQEL
|
||||||
|
BQAwbzELMAkGA1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEPMA0GA1UEBwwGQXRo
|
||||||
|
ZW5zMQwwCgYDVQQKDANOTEcxDjAMBgNVBAsMBU9TRFlFMSAwHgYDVQQDDBdubGct
|
||||||
|
b3NkeWUubG9jYWwuY2l0ZS5ncjAeFw0yMDExMjcxODMzNTJaFw0yMTExMjcxODMz
|
||||||
|
NTJaMG8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExDzANBgNVBAcMBkF0
|
||||||
|
aGVuczEMMAoGA1UECgwDTkxHMQ4wDAYDVQQLDAVPU0RZRTEgMB4GA1UEAwwXbmxn
|
||||||
|
LW9zZHllLmxvY2FsLmNpdGUuZ3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||||
|
AoIBAQCYsoKFVSg67/NckladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRH
|
||||||
|
AGZAjIO2sGf6vTFO7SN6LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZF
|
||||||
|
e5jsGd7owCoEEFAirJpz53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoS
|
||||||
|
kOhlDXwgGtTmBAS82sXRr51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLM
|
||||||
|
SOxe5Du3F93kC4TwFckG+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5p
|
||||||
|
zeGMD+0oyujL0HtH8nKkv9OtvYP1AgMBAAGjUzBRMB0GA1UdDgQWBBTrvPpWYBX6
|
||||||
|
spVt2gpkpDW6yzrBZzAfBgNVHSMEGDAWgBTrvPpWYBX6spVt2gpkpDW6yzrBZzAP
|
||||||
|
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqfOJiorxiszfKKeD2
|
||||||
|
eVda5pBU+qDnUOewRKizAktPm7V+cjM7bTEkmEHQ/oKlsT0FX5nsa8YfZCYgdotd
|
||||||
|
cDWC9KqYy9itXPESoJIZ/gMJ57v1BaVDly8tHedXEltob9ywrUyf7OF55eP0fWwb
|
||||||
|
AK90PfnRsxaurVYU5nfI9U/2jpi/LdsEYlJ7zUj7KM/Z2MwPA+be4EqjNcYLT/NB
|
||||||
|
bavhjLgZNoTkI7wYOJug+ouPn6xJJcj06RS1Q4FxtfrsnAuT+L33HemUludEUE00
|
||||||
|
TJwYWJN9hOgbyzTf5EsHxxME1gIhcYLYPMeBr9VIyJxdAEuuDJbn87oOB094sCA+
|
||||||
|
nvpp
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYsoKFVSg67/Nc
|
||||||
|
kladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRHAGZAjIO2sGf6vTFO7SN6
|
||||||
|
LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZFe5jsGd7owCoEEFAirJpz
|
||||||
|
53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoSkOhlDXwgGtTmBAS82sXR
|
||||||
|
r51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLMSOxe5Du3F93kC4TwFckG
|
||||||
|
+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5pzeGMD+0oyujL0HtH8nKk
|
||||||
|
v9OtvYP1AgMBAAECggEAajxoCpPAtaCT1GgL0sBWwdNzETzJrZWd9I3gqRL0KKsn
|
||||||
|
58bP6fvS5/voEG36thYM3WHGNfDDCYJ7GFolYKPrXpS2Gp3r6T7gkdzIaGzvBVEz
|
||||||
|
GkNm8jjX0TUDyLvBHSKyr4RitwkSd81WeCUqEDIOUCI9rZTxJsMN3IOetpNEcJt1
|
||||||
|
xR2kVuTkQiIs5evQCQ2arqTf/VQFb7FuVTtmrOggsTn33FnrUDujTAAsbEoglgvw
|
||||||
|
w1A2AYtMdGcrFIsUMJFdECkQGPVeqzKHddi1k1hv3DmOx5Rf4xJCdTL9ZYzbU1lw
|
||||||
|
ydSAM88UA7MTZWNYCGb4HjqEeDRnMUN/Qbi4f80PgQKBgQDKWLxsCBBgFRoH6nlh
|
||||||
|
TmBwYOmdQkBE09txpcpAFVZVv3eq/syZnT5+pcyj7EUexhu/p78UHPPkXDfnIKKe
|
||||||
|
C+7VOEmSM9cPMZU6cqB1x4+YZkyiU1rPD2SG46ZxBBTKsPWauJNvtuhW3K6kwMCT
|
||||||
|
ECiwG1f9EAmf9q7YKqdXGgUL3QKBgQDBL5WDIRtqHBdIPgHMue/teM+fP8I0/GKV
|
||||||
|
D3oJjBLE+I7JNp0lpeVhDvqfAL0AgZ5023hjlPobUNtpWyuLufzY6S2Pv1scyM3A
|
||||||
|
xW/LVXtC7QzdPmhrPxZkHEmRFA1zXdYo0xH4O+KDXVmYuzpIPfgrQkzt1EvP5jxv
|
||||||
|
tbjY935C+QKBgHZhr+rsVNhBwDb9YQIi3p0gtcyBZCRgZjR5MHiJgzcri5GI/J6q
|
||||||
|
tlNWIQGOS2oTsUxRkaLsxWvG4BXirAEXLiWkhrZ4icuj0JCfW21M0Z/xycf2SFx3
|
||||||
|
vvKD4W6hWqCzIx3f+rITKp8XAT32XzQq8gMGHFY7ucXShryFR93XpTgpAoGALaAF
|
||||||
|
WaDaDqdvwDoUxrsrNRSRRHUUctsglT/AfLy+OhLR9ieV2axijhexjRfpi1MRj1u+
|
||||||
|
BRbMMuNXznwfvrJASyJXBloVNKkgHuUCUC1yHQ5LOX1hv+J4cVBU95Sa0KJaz+15
|
||||||
|
kvzhtFC5tl6Rlzo7gEv6SzkWZpVjtKZgb62T/lECgYBr6PyDcGVGc8rbjxugnUnm
|
||||||
|
rShh7nMRUiTMLpWrucf7Mfr4cwFgejCoEMXPgxJF5Q1acppL0dKQzfmLVqazNX58
|
||||||
|
0XM0+fNDIeGyYKAbqtnqfmyI7O/Lb1jXPFuCNujzDxfeJX0yxoo38US4ZCD2iUrW
|
||||||
|
ZK/FFkm5ncXTenBhpHOANQ==
|
||||||
|
-----END PRIVATE KEY-----
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,23 @@
|
||||||
|
##################### KEYCLOAK #########################
|
||||||
|
# DB related configuraation
|
||||||
|
KC_DB=postgres
|
||||||
|
KC_DB_URL_HOST=opendmp.postgres
|
||||||
|
KC_DB_SCHEMA=public
|
||||||
|
KC_DB_URL_DATABASE=keycloak
|
||||||
|
KC_DB_PORT=5432
|
||||||
|
KC_DB_USERNAME=keycloak-admin
|
||||||
|
KC_DB_PASSWORD=admin
|
||||||
|
|
||||||
|
#Keycloak related configuration
|
||||||
|
KEYCLOAK_ADMIN=opendmp-admin
|
||||||
|
KEYCLOAK_ADMIN_PASSWORD=admin
|
||||||
|
KC_HOSTNAME_URL=https://localhost:8082
|
||||||
|
KC_HOSTNAME_ADMIN_URL=https://localhost:8082
|
||||||
|
KC_PROXY_HEADERS=xforwarded
|
||||||
|
KC_HOSTNAME_STRICT_HTTPS=true
|
||||||
|
KC_HOSTNAME_STRICT_BACKCHANNEL=true
|
||||||
|
KC_TRANSACTION_XA_ENABLED=false
|
||||||
|
KC_HEALTH_ENABLED=true
|
||||||
|
KC_METRICS_ENABLED=true
|
||||||
|
KC_HTTPS_CERTIFICATE_FILE=/tmp/keycloak-selfsigned.crt
|
||||||
|
KC_HTTPS_CERTIFICATE_KEY_FILE=/tmp/keycloak-selfsigned.key
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,4 @@
|
||||||
|
#################### POSTGRES ########################
|
||||||
|
#POSTGRES_DB=keycloak
|
||||||
|
POSTGRES_USER=admin
|
||||||
|
POSTGRES_PASSWORD=changeme
|
|
@ -0,0 +1,147 @@
|
||||||
|
server {
|
||||||
|
listen 8080 default_server;
|
||||||
|
listen [::]:8080 default_server;
|
||||||
|
server_name "";
|
||||||
|
return 444;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8080;
|
||||||
|
server_name ${APP_HOST}${APP_PORT};
|
||||||
|
location / {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8081 ssl;
|
||||||
|
ssl_certificate /certifcates/cert.crt;
|
||||||
|
ssl_certificate_key /certifcates/key.key;
|
||||||
|
server_name ${APP_HOST}${APP_PORT};
|
||||||
|
proxy_pass_header Server;
|
||||||
|
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
add_header Referrer-Policy 'strict-origin' always;
|
||||||
|
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
|
||||||
|
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass http://opendmp.frontend:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api/ {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass http://opendmp.backend:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api/notification/ {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass http://opendmp.notification:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api/annotation/ {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass http://opendmp.annotation:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8082 ssl;
|
||||||
|
ssl_certificate /certifcates/cert.crt;
|
||||||
|
ssl_certificate_key /certifcates/key.key;
|
||||||
|
server_name ${MS_HOST};
|
||||||
|
proxy_pass_header Server;
|
||||||
|
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
add_header Referrer-Policy 'strict-origin' always;
|
||||||
|
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
|
||||||
|
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
|
||||||
|
|
||||||
|
location /keycloak/ {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass https://opendmp.keycloak:8443;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /rabbitmq/ {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass https://opendmp.rabbitmq:15672;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /elastic/ {
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
|
||||||
|
# Fix the “It appears that your reverse proxy set up is broken" error.
|
||||||
|
proxy_pass https://opendmp.kibana:5601;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
|
||||||
|
proxy_redirect http://opendmp.kibana:5601 https://${MS_HOST}${MS_PORT}/elastic;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,23 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDvzCCAqegAwIBAgIUL9YHiVgQxrFPSGq4nMe6KbMznaowDQYJKoZIhvcNAQEL
|
||||||
|
BQAwbzELMAkGA1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEPMA0GA1UEBwwGQXRo
|
||||||
|
ZW5zMQwwCgYDVQQKDANOTEcxDjAMBgNVBAsMBU9TRFlFMSAwHgYDVQQDDBdubGct
|
||||||
|
b3NkeWUubG9jYWwuY2l0ZS5ncjAeFw0yMDExMjcxODMzNTJaFw0yMTExMjcxODMz
|
||||||
|
NTJaMG8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExDzANBgNVBAcMBkF0
|
||||||
|
aGVuczEMMAoGA1UECgwDTkxHMQ4wDAYDVQQLDAVPU0RZRTEgMB4GA1UEAwwXbmxn
|
||||||
|
LW9zZHllLmxvY2FsLmNpdGUuZ3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||||
|
AoIBAQCYsoKFVSg67/NckladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRH
|
||||||
|
AGZAjIO2sGf6vTFO7SN6LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZF
|
||||||
|
e5jsGd7owCoEEFAirJpz53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoS
|
||||||
|
kOhlDXwgGtTmBAS82sXRr51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLM
|
||||||
|
SOxe5Du3F93kC4TwFckG+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5p
|
||||||
|
zeGMD+0oyujL0HtH8nKkv9OtvYP1AgMBAAGjUzBRMB0GA1UdDgQWBBTrvPpWYBX6
|
||||||
|
spVt2gpkpDW6yzrBZzAfBgNVHSMEGDAWgBTrvPpWYBX6spVt2gpkpDW6yzrBZzAP
|
||||||
|
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqfOJiorxiszfKKeD2
|
||||||
|
eVda5pBU+qDnUOewRKizAktPm7V+cjM7bTEkmEHQ/oKlsT0FX5nsa8YfZCYgdotd
|
||||||
|
cDWC9KqYy9itXPESoJIZ/gMJ57v1BaVDly8tHedXEltob9ywrUyf7OF55eP0fWwb
|
||||||
|
AK90PfnRsxaurVYU5nfI9U/2jpi/LdsEYlJ7zUj7KM/Z2MwPA+be4EqjNcYLT/NB
|
||||||
|
bavhjLgZNoTkI7wYOJug+ouPn6xJJcj06RS1Q4FxtfrsnAuT+L33HemUludEUE00
|
||||||
|
TJwYWJN9hOgbyzTf5EsHxxME1gIhcYLYPMeBr9VIyJxdAEuuDJbn87oOB094sCA+
|
||||||
|
nvpp
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYsoKFVSg67/Nc
|
||||||
|
kladOuqFDeJWMYOYa1MhMTCpLL5UksoYM+BiKbWvXmRHAGZAjIO2sGf6vTFO7SN6
|
||||||
|
LdjCRRqJfS9zQVKHZKUdvfxkGnPaAIqWAwQkM4fFUlZFe5jsGd7owCoEEFAirJpz
|
||||||
|
53z27Xa0En5CLSI5eLGBqLNz31zi1Rdh5BPLAtgLGEoSkOhlDXwgGtTmBAS82sXR
|
||||||
|
r51J6DQr5stKsN68+DCwJiY6GU3Kun2Kyl+bepkEtHLMSOxe5Du3F93kC4TwFckG
|
||||||
|
+JSLrq8neXNbyoBOLYNxPzAGLg9vmD7nX02hFfONdX5pzeGMD+0oyujL0HtH8nKk
|
||||||
|
v9OtvYP1AgMBAAECggEAajxoCpPAtaCT1GgL0sBWwdNzETzJrZWd9I3gqRL0KKsn
|
||||||
|
58bP6fvS5/voEG36thYM3WHGNfDDCYJ7GFolYKPrXpS2Gp3r6T7gkdzIaGzvBVEz
|
||||||
|
GkNm8jjX0TUDyLvBHSKyr4RitwkSd81WeCUqEDIOUCI9rZTxJsMN3IOetpNEcJt1
|
||||||
|
xR2kVuTkQiIs5evQCQ2arqTf/VQFb7FuVTtmrOggsTn33FnrUDujTAAsbEoglgvw
|
||||||
|
w1A2AYtMdGcrFIsUMJFdECkQGPVeqzKHddi1k1hv3DmOx5Rf4xJCdTL9ZYzbU1lw
|
||||||
|
ydSAM88UA7MTZWNYCGb4HjqEeDRnMUN/Qbi4f80PgQKBgQDKWLxsCBBgFRoH6nlh
|
||||||
|
TmBwYOmdQkBE09txpcpAFVZVv3eq/syZnT5+pcyj7EUexhu/p78UHPPkXDfnIKKe
|
||||||
|
C+7VOEmSM9cPMZU6cqB1x4+YZkyiU1rPD2SG46ZxBBTKsPWauJNvtuhW3K6kwMCT
|
||||||
|
ECiwG1f9EAmf9q7YKqdXGgUL3QKBgQDBL5WDIRtqHBdIPgHMue/teM+fP8I0/GKV
|
||||||
|
D3oJjBLE+I7JNp0lpeVhDvqfAL0AgZ5023hjlPobUNtpWyuLufzY6S2Pv1scyM3A
|
||||||
|
xW/LVXtC7QzdPmhrPxZkHEmRFA1zXdYo0xH4O+KDXVmYuzpIPfgrQkzt1EvP5jxv
|
||||||
|
tbjY935C+QKBgHZhr+rsVNhBwDb9YQIi3p0gtcyBZCRgZjR5MHiJgzcri5GI/J6q
|
||||||
|
tlNWIQGOS2oTsUxRkaLsxWvG4BXirAEXLiWkhrZ4icuj0JCfW21M0Z/xycf2SFx3
|
||||||
|
vvKD4W6hWqCzIx3f+rITKp8XAT32XzQq8gMGHFY7ucXShryFR93XpTgpAoGALaAF
|
||||||
|
WaDaDqdvwDoUxrsrNRSRRHUUctsglT/AfLy+OhLR9ieV2axijhexjRfpi1MRj1u+
|
||||||
|
BRbMMuNXznwfvrJASyJXBloVNKkgHuUCUC1yHQ5LOX1hv+J4cVBU95Sa0KJaz+15
|
||||||
|
kvzhtFC5tl6Rlzo7gEv6SzkWZpVjtKZgb62T/lECgYBr6PyDcGVGc8rbjxugnUnm
|
||||||
|
rShh7nMRUiTMLpWrucf7Mfr4cwFgejCoEMXPgxJF5Q1acppL0dKQzfmLVqazNX58
|
||||||
|
0XM0+fNDIeGyYKAbqtnqfmyI7O/Lb1jXPFuCNujzDxfeJX0yxoo38US4ZCD2iUrW
|
||||||
|
ZK/FFkm5ncXTenBhpHOANQ==
|
||||||
|
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,32 @@
|
||||||
|
worker_processes auto;
|
||||||
|
error_log /tmp/logs/error.log warn;
|
||||||
|
pid /tmp/nginx.pid;
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
client_body_temp_path /tmp/client_temp;
|
||||||
|
proxy_temp_path /tmp/proxy_temp_path;
|
||||||
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||||
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||||
|
scgi_temp_path /tmp/scgi_temp;
|
||||||
|
|
||||||
|
client_header_buffer_size 4k;
|
||||||
|
large_client_header_buffers 4 32k;
|
||||||
|
client_max_body_size 1150m;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_real_ip" [$proxy_add_x_forwarded_for]';
|
||||||
|
|
||||||
|
access_log /tmp/logs/access.log main;
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
#gzip on;
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
}
|
|
@ -0,0 +1,4 @@
|
||||||
|
APP_HOST=localhost
|
||||||
|
APP_PORT=:51040
|
||||||
|
MS_HOST=localhost
|
||||||
|
MS_PORT=:51041
|
|
@ -0,0 +1,3 @@
|
||||||
|
RABBITMQ_DEFAULT_USER=guest
|
||||||
|
RABBITMQ_DEFAULT_PASS=guest
|
||||||
|
RABBITMQ_DEFAULT_VHOST=/rabbitmq/
|
|
@ -1,90 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
elasticsearch:
|
|
||||||
user: 1002:1002 #develuser
|
|
||||||
restart: unless-stopped
|
|
||||||
mem_limit: 2048m
|
|
||||||
environment:
|
|
||||||
- cluster.name=open-dmp-cluster
|
|
||||||
- bootstrap.memory_lock=true
|
|
||||||
- "ES_JAVA_OPTS=-Xmx1024m -Xms1024m"
|
|
||||||
- xpack.license.self_generated.type=basic
|
|
||||||
- xpack.monitoring.collection.enabled=true
|
|
||||||
- xpack.security.enabled=true
|
|
||||||
ulimits:
|
|
||||||
nproc: 65535
|
|
||||||
memlock:
|
|
||||||
soft: -1
|
|
||||||
hard: -1
|
|
||||||
volumes:
|
|
||||||
- ./ELK.Docker/shared/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
|
|
||||||
- ./ELK.Docker/shared/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
|
|
||||||
- ./ELK.Docker/shared/data-elk/elasticsearch-01-data:/usr/share/elasticsearch/data
|
|
||||||
- ./ELK.Docker/shared/data-elk/elasticsearch-01-log:/usr/share/elasticsearch/logs
|
|
||||||
#ports:
|
|
||||||
# - 51056:9200
|
|
||||||
# - 51057:9300
|
|
||||||
ports:
|
|
||||||
- "9201:9200"
|
|
||||||
expose:
|
|
||||||
- "9200"
|
|
||||||
hostname: opendmp-elastic
|
|
||||||
networks:
|
|
||||||
open-dmp-elk-network:
|
|
||||||
aliases:
|
|
||||||
- opendmp-elastic
|
|
||||||
|
|
||||||
logstash:
|
|
||||||
# user: 1002:1002 #develuser
|
|
||||||
volumes:
|
|
||||||
- ./ELK.Docker/shared/config-elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
|
|
||||||
- ./ELK.Docker/shared/config-elk/logstash/config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
|
|
||||||
- ./ELK.Docker/shared/config-elk/logstash/config/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro
|
|
||||||
- ./ELK.Docker/shared/config-elk/logstash/pipeline:/usr/share/logstash/pipeline:ro
|
|
||||||
- ./ELK.Docker/shared/config-elk/logstash/logstash/templates:/usr/share/logstash/templates
|
|
||||||
- ./ELK.Docker/shared/data-elk/logstash-log:/usr/share/logstash/logs
|
|
||||||
- ./ELK.Docker/shared/data-elk/logstash-queue:/usr/share/logstash/queue
|
|
||||||
- ./ELK.Docker/shared/data-elk/logstash-dead_letter_queue:/usr/share/logstash/dead_letter_queue
|
|
||||||
expose:
|
|
||||||
- "31311"
|
|
||||||
- "31312"
|
|
||||||
restart: on-failure
|
|
||||||
mem_limit: 2048m
|
|
||||||
environment:
|
|
||||||
- LS_JAVA_OPTS=-Xmx1024m -Xms1024m
|
|
||||||
- xpack.license.self_generated.type=basic
|
|
||||||
- xpack.security.enabled=true
|
|
||||||
networks:
|
|
||||||
open-dmp-elk-network:
|
|
||||||
|
|
||||||
kibana:
|
|
||||||
# user: 1002:1002 #develuser
|
|
||||||
mem_limit: 512m
|
|
||||||
environment:
|
|
||||||
- xpack.license.self_generated.type=basic
|
|
||||||
- xpack.security.enabled=true
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- ./ELK.Docker/shared/config-elk/kibana/config:/usr/share/kibana/config:ro
|
|
||||||
#- ./ELK.Docker/shared/config-elk/kibana/certificates:/usr/share/kibana/certificates
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- "51058:5601"
|
|
||||||
networks:
|
|
||||||
- open-dmp-elk-network
|
|
||||||
|
|
||||||
filebeat:
|
|
||||||
restart: unless-stopped
|
|
||||||
mem_limit: 256m
|
|
||||||
#command: [ "-e=false" ] # to overwrite the -e that disables logging to file!
|
|
||||||
volumes:
|
|
||||||
- ./ELK.Docker/shared/config-elk/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
|
|
||||||
- ./openDMP/logs:/usr/share/filebeat/log_data/dmp/
|
|
||||||
- ./ELK.Docker/shared/data-elk/filebeat-log:/usr/share/filebeat/logs
|
|
||||||
- ./ELK.Docker/shared/data-elk/filebeat-data:/usr/share/filebeat/data #For windows if we mount the data directory we get "Writing of registry returned error: sync /usr/share/filebeat/data/registry/filebeat: invalid argument."
|
|
||||||
networks:
|
|
||||||
- open-dmp-elk-network
|
|
||||||
|
|
||||||
networks:
|
|
||||||
open-dmp-elk-network:
|
|
|
@ -1,122 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
dmp-db:
|
|
||||||
image: postgres
|
|
||||||
container_name: opendmp-db
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- "5001:5432"
|
|
||||||
expose:
|
|
||||||
- "5432"
|
|
||||||
volumes:
|
|
||||||
- dmpdata:/var/lib/postgresql/data
|
|
||||||
- ./dmp-db-scema:/docker-entrypoint-initdb.d/
|
|
||||||
- ./dmp-db-scema/main:/main
|
|
||||||
- ./dmp-db-scema/updates:/updates
|
|
||||||
env_file: ./dmp-db-scema/Docker/dmp-db.env
|
|
||||||
networks:
|
|
||||||
- opendmp-backend-network
|
|
||||||
|
|
||||||
dmp-pdf-converter:
|
|
||||||
image: gotenberg/gotenberg:7.4.0
|
|
||||||
container_name: opendmp-pdf-converter
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- "3001:3000"
|
|
||||||
expose:
|
|
||||||
- "3000"
|
|
||||||
hostname: opendmp-pdf
|
|
||||||
networks:
|
|
||||||
opendmp-pdf-network:
|
|
||||||
aliases:
|
|
||||||
- opendmp-pdf
|
|
||||||
|
|
||||||
dmp-backend:
|
|
||||||
build:
|
|
||||||
context: ./dmp-backend
|
|
||||||
container_name: opendmp-backend
|
|
||||||
env_file: ./dmp-backend/Docker/dmp-backend.env
|
|
||||||
restart: unless-stopped
|
|
||||||
mem_limit: 2048m
|
|
||||||
ports:
|
|
||||||
- "8081:8081"
|
|
||||||
expose:
|
|
||||||
- "8080"
|
|
||||||
networks:
|
|
||||||
- opendmp-backend-network
|
|
||||||
- opendmp-pdf-network
|
|
||||||
- open-dmp-elk-network
|
|
||||||
volumes:
|
|
||||||
- ./dmp-backend/web/main/resources/config:/app/config
|
|
||||||
- ./user-guide:/app/user-guide
|
|
||||||
- ./dmp-frontend/src/assets/i18n:/app/i18n
|
|
||||||
- ./dmp-backend/web/main/resources/externalUrls:/app/externalUrls
|
|
||||||
- ./dmp-backend/web/main/resources/templates:/app/templates
|
|
||||||
- ./openDMP/dmp-backend/opendmp-logs:/app/logs
|
|
||||||
- ./openDMP/dmp-backend/tmp:/app/tmp
|
|
||||||
- ./dmp-backend/web/main/resources/logging:/app/logging
|
|
||||||
- ./dmp-backend/web/main/resources/documents:/app/documents
|
|
||||||
|
|
||||||
dmp-frontend:
|
|
||||||
build:
|
|
||||||
context: ./dmp-frontend
|
|
||||||
container_name: opendmp-frontend
|
|
||||||
mem_limit: 2048m
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- "8080:4200"
|
|
||||||
volumes:
|
|
||||||
- ./openDMP/dmp-frontend/static-files:/usr/share/nginx/static
|
|
||||||
- ./dmp-frontend/src/assets/config:/usr/share/nginx/html/assets/config
|
|
||||||
networks:
|
|
||||||
- opendmp-frontend-network
|
|
||||||
|
|
||||||
elasticsearch:
|
|
||||||
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
|
|
||||||
container_name: elasticsearch
|
|
||||||
build:
|
|
||||||
context: ./ELK.Docker/elasticsearch/
|
|
||||||
args:
|
|
||||||
ELK_VERSION: $ELK_VERSION
|
|
||||||
healthcheck:
|
|
||||||
# test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
|
|
||||||
interval: 30s
|
|
||||||
timeout: 10s
|
|
||||||
retries: 5
|
|
||||||
|
|
||||||
logstash:
|
|
||||||
image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
|
|
||||||
container_name: logstash
|
|
||||||
build:
|
|
||||||
context: ./ELK.Docker/logstash/
|
|
||||||
args:
|
|
||||||
ELK_VERSION: $ELK_VERSION
|
|
||||||
depends_on:
|
|
||||||
- elasticsearch
|
|
||||||
|
|
||||||
kibana:
|
|
||||||
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
|
|
||||||
build:
|
|
||||||
context: ./ELK.Docker/kibana/
|
|
||||||
args:
|
|
||||||
ELK_VERSION: $ELK_VERSION
|
|
||||||
depends_on:
|
|
||||||
- elasticsearch
|
|
||||||
filebeat:
|
|
||||||
image: docker.elastic.co/filebeat/filebeat:${STACK_VERSION}
|
|
||||||
build:
|
|
||||||
context: ./ELK.Docker/filebeat/
|
|
||||||
args:
|
|
||||||
ELK_VERSION: $ELK_VERSION
|
|
||||||
depends_on:
|
|
||||||
- logstash
|
|
||||||
|
|
||||||
networks:
|
|
||||||
opendmp-frontend-network:
|
|
||||||
opendmp-backend-network:
|
|
||||||
opendmp-pdf-network:
|
|
||||||
open-dmp-elk-network:
|
|
||||||
volumes:
|
|
||||||
dmpdata:
|
|
||||||
external: true
|
|
Loading…
Reference in New Issue