Commit 0b9ecd5f authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka

y1 baseline

Showing
with 818 additions and 0 deletions
.env 0 → 100644
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
DEVSVC_BASE_PATH=development-services/
DEVSVC_SETUP_BASE_PATH=
#### Production related ####
DOCKER_REGISTRY_PREFIX=optima-piacere-docker-dev.artifact.tecnalia.com
PROJECT_NAME=
COMPOSE_PROJECT_VERSION=y1
TZ=Madrid
ADMIN_PASSWORD=piacerePassword
HTTPS_PORT=8443
SERVER_HOST=192.168.56.1.nip.io
IOP_SPRING_PROFILES_ACTIVE=dev,api-docs,no-liquibase
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-production
COMPOSE_FILE=docker-compose-iop.yaml:docker-compose-iop-traefik.yaml:docker-compose-traefik-tecnalia-selfsigned-sans.yaml:development-services/docker-compose-traefik-selfsigned.yaml:docker-compose-expose.yaml:docker-compose-redirect-http.yaml
#### Build related ####
DOCKER_BUILDKIT=1
COMPOSE_DOCKER_CLI_BUILD=1
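Review bot: `ADMIN_PASSWORD=piacerePassword` ships a working default credential in the file whose header describes it as the production defaults, and the same value is repeated verbatim in the three sibling env files that follow in this commit. By the file's own convention (an empty value means "must be defined externally") it should read `ADMIN_PASSWORD=` so a deployment without an operator-supplied password fails rather than starting with a password that is public in git. `TZ=Madrid` is not a tz database identifier (libc and the JVM typically fall back to UTC/GMT for an unknown zone), so it should be `TZ=Europe/Madrid`; the same value recurs in the other env files and in the CI `.common_variables`. If this really is the production variant, `IOP_SPRING_PROFILES_ACTIVE=dev,api-docs,no-liquibase` also deserves a second look, since the other three variants activate `prod`.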
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
DEVSVC_BASE_PATH=development-services/
#### Production related ####
DOCKER_REGISTRY_PREFIX=optima-piacere-docker-dev.artifact.tecnalia.com
PROJECT_NAME=
COMPOSE_PROJECT_VERSION=y1
TZ=Madrid
ADMIN_PASSWORD=piacerePassword
HTTPS_PORT=8443
SERVER_HOST=192.168.56.1.nip.io
IOP_SPRING_PROFILES_ACTIVE=prod,api-docs,no-liquibase
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-production
#### Build related ####
DOCKER_BUILDKIT=1
COMPOSE_DOCKER_CLI_BUILD=1
COMPOSE_FILE=docker-compose-iop.yaml:build/docker-compose-iop.yaml:docker-compose-iop-gateway.yaml:docker-compose-traefik-selfsigned.yaml:docker-compose-jhipster-registry.yaml:development-services/build/docker-compose-keycloak-setup.yaml
EXTRA_CA_URL=https://git.code.tecnalia.com/smartdatalab/ca/-/raw/master/ca.crt.pem
.env.int 0 → 100644
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
DEVSVC_BASE_PATH=development-services/
DEVSVC_SETUP_BASE_PATH=
#### Production related ####
DOCKER_REGISTRY_PREFIX=optima-piacere-docker-dev.artifact.tecnalia.com
PROJECT_NAME=
COMPOSE_PROJECT_VERSION=y1
TZ=Madrid
ADMIN_PASSWORD=piacerePassword
HTTPS_PORT=8443
SERVER_HOST=192.168.56.1.nip.io
KEYCLOAK_URL=https://auth.192.168.56.1.nip.io:8443
IOP_SPRING_PROFILES_ACTIVE=prod,api-docs,no-liquibase
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-production
#### Build related ####
DOCKER_BUILDKIT=1
COMPOSE_DOCKER_CLI_BUILD=1
EXTRA_CA_URL=https://git.code.tecnalia.com/smartdatalab/ca/-/raw/master/ca.crt.pem
#### Development related ####
# CERTIFICATE_SIGNING_KEY_PASSPHRASE=
COMPOSE_FILE=docker-compose-iop.yaml:docker-compose-iop-gateway.yaml:build/docker-compose-iop.yaml:docker-compose-jhipster-registry.yaml:docker-compose-jhipster-registry-tecnalia.yaml:docker-compose-jhipster-registry-oidc.yaml:docker-compose-dev-jhipster-registry.yaml:docker-compose-iop-traefik.yaml:development-services/docker-compose-traefik-tecnalia-selfsigned.yaml:docker-compose-expose.yaml:docker-compose-redirect-http.yaml:development-services/build/docker-compose-traefik-tecnalia-selfsigned.yaml:development-services/docker-compose.yaml:development-services/docker-compose-expose.yaml:development-services/docker-compose-redirect-http.yaml:development-services/build/docker-compose.yaml:development-services/docker-compose-keycloak.yaml:development-services/docker-compose-keycloak-setup.yaml:development-services/build/docker-compose-keycloak-setup.yaml:docker-compose-traefik-tecnalia-selfsigned-sans.yaml
# Reference documentation https://docs.docker.com/compose/environment-variables/
# Focus default variables as production, to allow direct download and run in production
# Required external variables that must be defined externally are those that have no value
DEVSVC_BASE_PATH=development-services/
DEVSVC_SETUP_BASE_PATH=
#### Production related ####
DOCKER_REGISTRY_PREFIX=optima-piacere-docker-dev.artifact.tecnalia.com
PROJECT_NAME=
COMPOSE_PROJECT_VERSION=y1
TZ=Madrid
ADMIN_PASSWORD=piacerePassword
HTTPS_PORT=8443
SERVER_HOST=192.168.56.1.nip.io
KEYCLOAK_URL=https://auth.192.168.56.1.nip.io:8443
IOP_SPRING_PROFILES_ACTIVE=prod,api-docs,no-liquibase
# https://docs.docker.com/compose/reference/envvars/#compose_file#compose_project_name
# these are docker-compose related environment variables
COMPOSE_PROJECT_NAME=piacere-production
COMPOSE_FILE=docker-compose-iop.yaml:build/docker-compose-iop.yaml:docker-compose-iop-gateway.yaml:docker-compose-jhipster-registry.yaml:docker-compose-jhipster-registry-tecnalia.yaml:docker-compose-jhipster-registry-oidc.yaml:development-services/docker-compose-traefik-tecnalia-selfsigned.yaml:docker-compose-expose.yaml:docker-compose-redirect-http.yaml:development-services/build/docker-compose-traefik-tecnalia-selfsigned.yaml:development-services/docker-compose-expose.yaml:development-services/docker-compose-redirect-http.yaml:development-services/docker-compose-keycloak.yaml:development-services/docker-compose-keycloak-setup.yaml:development-services/build/docker-compose-keycloak-setup.yaml
#### Build related ####
DOCKER_BUILDKIT=1
COMPOSE_DOCKER_CLI_BUILD=1
EXTRA_CA_URL=https://git.code.tecnalia.com/smartdatalab/ca/-/raw/master/ca.crt.pem
#### Development related ####
# CERTIFICATE_SIGNING_KEY_PASSPHRASE=
**/bin/
**/sources/
**/target/
**/generated/
**/.classpath
**/.settings/
**/node_modules/
**/logs/*.log
**/logs/*.gz
**/.project
**/.factorypath
**/*.log
**/*.lck
\ No newline at end of file
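Review bot: The ignore list does not cover the override env files the README in this commit tells operators to use (`.env.secure`, plus whatever local `.env` copy receives a real `ADMIN_PASSWORD` or `CERTIFICATE_SIGNING_KEY_PASSPHRASE`), so following the README's advice to edit the env file leaves a secret one `git add .` away from the repository. Adding `.env.secure` and a local-override pattern such as `.env.*.local` here would make the safe path the default. This is inferred from the README rather than from the ignore file itself; if those files are meant to be versioned, disregard.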
stages:
- build
- deploy
- stop
# - debug
variables:
GIT_SUBMODULE_STRATEGY: normal
.common_variables:
variables:
TZ: Madrid
SERVER_HOST: iop.poc.piacere.esilab.org
HTTPS_PORT: 8443
SMTP_USER_EMAIL: piacere@esilab.org
PROJECT_NAME: piacere-iop
GIT_SUBMODULES: init
COMPOSE_FILE: "docker-compose.yaml:development-services/docker-compose-traefik-tecnalia-selfsigned.yaml:development-services/docker-compose-redirect-http:development-services/docker-compose.yaml:development-services/docker-compose-expose.yaml"
.main:
extends:
- .common_variables
variables:
# these variables take precedence over .env
# CERTIFICATE_SIGNING_KEY_PASSPHRASE and ADMIN_PASSWORD defined in variables at settings/ci_cd
COMPOSE_PROJECT_NAME: piacere-iop
COMPOSE_PROJECT_VERSION: main
ADD_DEFAULT_CA: "true"
only:
- main
tags:
- docker
- docker-compose
- integration
- iop
- shell
.build:
variables:
GIT_SUBMODULE_STRATEGY: recursive
script:
- export COMPOSE_FILE=$COMPOSE_FILE:build/docker-compose.yaml:development-services/build/docker-compose.yaml:development-services/build/docker-compose-traefik-tecnalia-selfsigned.yaml
- echo "build images"
- docker-compose build --parallel
.deploy:
script:
- echo "Deploy to the environment"
- docker-compose up -d --remove-orphans
.stop:
variables:
GIT_STRATEGY: none
script:
- echo "Stops the environment"
- docker-compose down --remove-orphans
build_main:
stage: build
extends:
- .main
- .build
deploy_main:
stage: deploy
extends:
- .main
- .deploy
environment:
name: main
url: https://$SERVER_HOST:$HTTPS_PORT
on_stop: stop_main
stop_main:
stage: stop
extends:
- .main
- .stop
environment:
name: main
action: stop
when: manual
# job-docker-compose-config:
# stage: debug
# extends:
# - .main
# when: manual
# script:
# - docker-compose config
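Review bot: In `.common_variables`, the `COMPOSE_FILE` entry `development-services/docker-compose-redirect-http` is the only one without a `.yaml` extension, so docker-compose will not find that file unless an extensionless copy exists in the submodule; the `.env` files in this commit spell it `development-services/docker-compose-redirect-http.yaml`, which is most likely what was meant. `HTTPS_PORT: 8443` is the only unquoted scalar among the CI variables; quoting it as `HTTPS_PORT: "8443"` matches `ADD_DEFAULT_CA: "true"` and avoids the value being typed as an integer by the YAML parser. `TZ: Madrid` is not a tz database name and should be `TZ: Europe/Madrid`.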
[submodule "development-services"]
path = development-services
url = ../../../smartdatalab/libraries/docker-compose/development-services.git
README.md 0 → 100644
<!-- Gitlab Specific Markdown guide https://docs.gitlab.com/ee/user/markdown.html -->
# T53 IOP-optimizer
This is a docker compose project that aims to instantiate the application components for different purposes:
* production -> .env
* build -> .env.build
* integration debug -> .env.int
* local development support -> .env.dev
## Prerequisites
In order to use this docker compose you need docker and docker-compose.
* https://www.docker.com/ (latest tested version 20.10.8, build 3967b7d)
* https://docs.docker.com/compose/ (latest tested version 1.29.0, build 07737305)
## How to use
The docker-compose can be started in different ways depending your purpose. But in all the cases the first step is to download the repo.
```bash
git clone https://git.code.tecnalia.com/piacere/private/t53-iop-optimizer.git
cd t53-iop-optimizer
````
NOTE: For develop and debug scenarios the repo relays in git submodules and therefore if we need to build the component images (the typical case) we need to user the "--recurse-submodules" option to download the submodules. Or issuing a "git submodule update --init --recursive" statement latter on.
After that we may need to change some of the variables at .env to secure the deployment or customize to our needs. Examples of variables that could be subject to change are:
```bash
export SERVER_HOST=somedomain
export HTTPS_PORT=8443
export ADMIN_PASSWORD=somestrongpassword
````
NOTE: Another posibility could be to edit the .env file directly, but beware of uploading secrets to git
### For production
By default the project is configured to support the production scenario where we relay in previously uploaded images to the artifactory. The file containing the default variables for this scenario is .env
```bash
git clone https://git.code.tecnalia.com/piacere/private/t53-iop-optimizer.git
cd t53-iop-optimizer
export SERVER_HOST=basedomain.org
export HTTPS_PORT=8443
export ADMIN_PASSWORD=somestrongpassword
docker login optima-piacere-docker-dev.artifact.tecnalia.com -u user@domain.net -p repositoryToken
docker-compose pull
docker-compose up -d --no-build --remove-orphans
echo to stop
docker-compose down --remove-orphans
echo if we what to remove also the persistent information
docker-compose down --volumes --remove-orphans
````
### For secure production
By default the project is configured to support the production scenario where we relay in previously uploaded images to the artifactory. The file containing the default variables for this scenario is .env
```bash
git clone https://git.code.tecnalia.com/piacere/private/t53-iop-optimizer.git
cd t53-iop-optimizer
export SERVER_HOST=basedomain.org
export HTTPS_PORT=8443
export ADMIN_PASSWORD=somestrongpassword
docker login optima-piacere-docker-dev.artifact.tecnalia.com -u user@domain.net -p repositoryToken
docker-compose pull
docker-compose --env-file .env.secure up -d --no-build --remove-orphans
echo to stop
docker-compose --env-file .env.secure down --remove-orphans
echo if we what to remove also the persistent information
docker-compose --env-file .env.secure down --volumes --remove-orphans
````
### For building
Another tipical scenario is to run the docker-compose for building the images after some updates. The file containing the default variables for this scenario is .env.build.
```bash
git clone --recurse-submodules https://git.code.tecnalia.com/piacere/private/t53-iop-optimizer.git
cd t53-iop-optimizer
docker-compose --env-file .env.build build
docker login optima-piacere-docker-dev.artifact.tecnalia.com -u user@domain.net -p repositoryToken
docker-compose --env-file .env.build push
````
NOTE: For this task as metioned before it is necessary to download the submodules
### For integration debug
Another tipical scenario is to run the docker-compose to test the whole solution during development or debug activities inside a development computer. The file containing the default variables for this scenario is .env.int.
```bash
git clone --recurse-submodules https://git.code.tecnalia.com/piacere/private/t53-iop-optimizer.git
cd t53-iop-optimizer
export CERTIFICATE_SIGNING_KEY_PASSPHRASE=thesecretkeytodecryptthecaprivatekey
docker-compose --env-file .env.int build
docker-compose --env-file .env.int up -d --no-build --remove-orphans
docker-compose --env-file .env.int down --remove-orphans
echo if we what to remove also the persistent information
docker-compose down --env-file .env.int --volumes --remove-orphans
```
## How to access
Once we sucessfully deploy the docker-compose, we will be able to access the services at (supposing SERVER_HOST=192.168.56.1.nip.io and HTTPS_PORT=8443):
* https://secure.iop.192.168.56.1.nip.io:8443/ to access iop gateway for security and scalability
* https://iop.192.168.56.1.nip.io:8443/ to access iop optimizer directly without security
Appart from those in case we are using the ".env.int" we will have access to aditional endpoints
* https://jhipster-registry.192.168.56.1.nip.io:8443/ to access jhipster registry
And to those generic described at [development-services](git/deploy/development-services/README.md)
* https://traefik.192.168.56.1.nip.io:8443/ to access traefik dashboard
* https://traefik.192.168.56.1.nip.io:8443/api/http/routers to access traefik api
* https://portainer.192.168.56.1.nip.io:8443/ to access portainer
* https://ca.192.168.56.1.nip.io:8443/ to access the tecnalia ca in case we use the tecnalia traefik
* https://auth.192.168.56.1.nip.io:8443/ to access keycloak
* ...
# Using docker directly
The iop-optimizer can also be used directly with docker, i.e.
```bash
docker login optima-piacere-docker-dev.artifact.tecnalia.com -u user@domain.net -p repositoryToken
docker pull optima-piacere-docker-dev.artifact.tecnalia.com/wp5/iop-optimizer:y1
docker run -d -p 8081:8081 --name iop optima-piacere-docker-dev.artifact.tecnalia.com/wp5/iop-optimizer:y1
curl -X 'POST' http://localhost:8081/api/optimize -H 'accept: */*' -H 'Content-Type: application/json' -d 'doml nginx_openstack application app { software_component nginx { properties { // site source_code=\"/usr/share/nginx/html/index.html\"; } }}infrastructure infra { vm vm1 { ifaces { iface i1 { address \"16.0.0.1\" } } } vm_image v_img { generates vm1 } net net1 { address \"16.0.0.0/24\" protocol \"tcp/ip\" } autoscale_group ag { vm1 }} deployment config { nginx -> vm1} active deployment config concretizations { concrete_infrastructure con_infra { provider openstack { vm concrete_vm { properties { vm_name = \"nginx-host\"; vm_flavor = \"small\"; vm_security_groups = \"default\"; vm_key_name = \"user1\"; ssh_user = \"ubuntu\"; ssh_key_file = \"/home/user1/.ssh/openstack.key\"; } maps vm1 } vm_image concrete_vm_image { properties { name = \"ubuntu-20.04.3\"; } maps v_img } net concrete_net { properties { name = \"ostack2\"; } maps net1 } } } active con_infra}optimization opt { objectives { \"cost\" => min } nonfunctional_requirements { req1 \"Cost <= 200\" max 200 => \"cost\"; req2 \"Availability >= 98%\" min 98 => \"availability\"; req3 \"Region\" values \"00EU\" => \"region\"; }}'
```
If the service is called correctly, it will return a String in JSON format, following this structure:
```
{
"Solutions":[
{
"Objectives":[
200.0,
99.76666666666665,
8.0
],
"Solution":"[Storage4_Europe, db.dynamo.3, C8_Germany]"
},
{
"Objectives":[
45.53,
99.03333333333335,
11.0
],
"Solution":"[Storage1_Spain, db.dynamo.3, t2.nano]"
}
}
]
}
```
Basically, for each solution we show the objectives (cost: 200, availability: 99.7 and performance: 8), and the solution itself (that is, the elements of the IEC that have been chosen).
If the IOP is called using an String in an incorrect format, it will return an incoherent solution, composed by the whole IEC with the "objectives" clause empty:
```
{
"Solutions":[
{
"Objectives":[],
"Solution":"[Storage4_Europe]"
},
{
"Objectives":[],
"Solution":"[t2.nano]"
}
}
]
}
```
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
iop-gateway:
build:
context: ${IOP_BUILD_RELATIVE_FOLDER}git/iop-gateway
dockerfile: Dockerfile
args:
BUILDKIT_INLINE_CACHE: 1
EXTRA_CA_URL: ${EXTRA_CA_URL:?err}
iop-optimizer:
build:
context: ${IOP_BUILD_RELATIVE_FOLDER}git/iop-optimizer
dockerfile: Dockerfile
args:
BUILDKIT_INLINE_CACHE: 1
EXTRA_CA_URL: ${EXTRA_CA_URL:?err}
\ No newline at end of file
# Common configuration shared between all applications
global:
password: ${GLOBAL_PASSWORD:admin}
registry:
url: ${GLOBAL_REGISTRY_URL:http://admin:${global.password}@jhipster-registry:8761}
configserver:
name: Docker JHipster Registry
status: Connected to the JHipster Registry running in Docker using confiserver at jhipster registry ${global.registry.url}
jhipster:
registry:
password: ${global.password}
security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
# As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
# - In the JHipster Registry (which includes a Spring Cloud Config server)
# - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
# - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
base64-secret: MjFhOTY5YjFiYjZjZGM0YTlhZjM1OGYwZmU2MjE1ZTJiNTNmM2Q0OTdiMDhmNDQzNjRjZWQyZDM0YmI0YjkwMGI4ZDc0ZGE0MGM3Yzg0M2U2Y2Q0ZDE4MDcwNzc4ODQyMjczOWYyODNlY2RmOTQzNGQzOTc3NDc0MDdkNjlkN2I=
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
spring:
security:
user:
password: ${global.password}
eureka:
instance:
# not sure the reason for this
prefer-ip-address: true
client:
service-url:
defaultZone: ${global.registry.url}/eureka/
server:
forward-headers-strategy: framework
\ No newline at end of file
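Review bot: `base64-secret` carries a literal JWT signing key in a file whose own comment calls it the PRODUCTION configuration, and the identical key appears again in the optimizer `application.yml` later in this commit, so anyone with read access to the repository can mint tokens that both services accept. Remove the literal and rely on the environment variable the comment already names, e.g. `base64-secret: ${JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET}`, so startup fails with an unresolved placeholder until the key is injected, and treat the committed value as compromised. `password: ${GLOBAL_PASSWORD:admin}` is the same pattern with a weaker default; dropping the `:admin` fallback turns a missing password into a startup error instead of a well-known credential.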
# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
global:
mysql:
url: ${GLOBAL_MYSQL_URL:mysql://iec-mysql:3306/iecFrontend?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true}
management:
metrics:
export:
prometheus:
enabled: false
#spring:
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
thymeleaf:
cache: true
sleuth:
sampler:
probability: 1 # report 100% of traces
zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
base-url: http://localhost:9411
enabled: false
locator:
discovery:
enabled: true
security:
oauth2:
client:
# provider:
# oidc:
# issuer-uri: http://keycloak:8080/auth/realms/jhipster must be provided
registration:
oidc:
client-id: web_app
client-secret: web_app
scope: openid,profile,email
server:
port: 8080
shutdown: graceful # see https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-graceful-shutdown
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
# jhipster:
# gateway:
# authorized-microservices-endpoints:
# iecbackend: /api/root-services/catalogue,/v2,/v3
cors:
# allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:https://iec.192.168.56.1.nip.io:8443}" this is valid expression
allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"
allowed-methods: "*"
allowed-headers: "*"
exposed-headers: "Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params"
allow-credentials: "true"
max-age: 1800
mail: # specific JHipster mail property, for standard properties see MailProperties
base-url: http://my-server-url-to-change # Modify according to your server's URL
logging:
use-json-format: false # By default, logs are not in Json format
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================
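Review bot: `allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"` combined with `allow-credentials: "true"` makes the fallback a credentialed wildcard CORS policy; Spring Framework 5.3 and later refuse `*` together with credentials, and older versions reflect any origin with cookies allowed. Since the compose files in this commit set `JHIPSTER_CORS_ALLOWEDORIGINS` explicitly, the default should be empty or a concrete origin, e.g. `allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:}"`; the same block recurs in the registry configuration near the end of this commit. `client-secret: web_app` is a literal OIDC client secret in a prod profile; it is overridden by the compose environment, but a placeholder without a default would avoid a working fallback if that override is ever missing. The `mail.base-url: http://my-server-url-to-change` template value is also still in place.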
# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
# logging:
# file:
# name: logs/iop-optimizer.log
# level:
# ROOT: INFO
# tech.jhipster: INFO
# com.piacere.iop.optimizer: INFO
# org.uma.jmetal: INFO
management:
metrics:
export:
prometheus:
enabled: false
#spring:
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
thymeleaf:
cache: true
sleuth:
sampler:
probability: 1 # report 100% of traces
zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
base-url: http://localhost:9411
enabled: false
locator:
discovery:
enabled: true
# security:
# oauth2:
# client:
# # provider:
# # oidc:
# # issuer-uri: http://keycloak:8080/auth/realms/jhipster must be provided
# registration:
# oidc:
# client-id: web_app
# client-secret: web_app
# scope: openid,profile,email
# ===================================================================
# To enable TLS in production, generate a certificate using:
# keytool -genkey -alias iopoptimizer -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
# port: 443
# ssl:
# key-store: classpath:config/tls/keystore.p12
# key-store-password: password
# key-store-type: PKCS12
# key-alias: selfsigned
# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/)
# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# ===================================================================
server:
port: 8081
shutdown: graceful # see https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-graceful-shutdown
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
cache: # Cache configuration
hazelcast: # Hazelcast distributed cache
time-to-live-seconds: 3600
backup-count: 1
registry:
password: admin
logging:
use-json-format: false # By default, logs are not in Json format
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
# jhipster:
# gateway:
# authorized-microservices-endpoints:
# iecbackend: /api/root-services/catalogue,/v2,/v3
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================
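Review bot: `jhipster.registry.password: admin` is a literal in the prod profile, and because this file overrides `application.yml` (per its own header) it replaces the `${global.password}` indirection that the optimizer `application.yml` and the compose `GLOBAL_PASSWORD` wiring set up, so with the prod profile active the optimizer authenticates to the registry with `admin` regardless of `ADMIN_PASSWORD`. The gateway's prod profile does not set this key; deleting the two lines here, or writing `password: ${global.password}`, restores consistency between the two services.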
# Common configuration shared between all applications
global:
password: ${GLOBAL_PASSWORD:admin}
registry:
url: ${GLOBAL_REGISTRY_URL:http://admin:${global.password}@jhipster-registry:8761}
configserver:
name: Docker JHipster Registry
status: Connected to the JHipster Registry running in Docker using confiserver at jhipster registry ${global.registry.url}
jhipster:
registry:
password: ${global.password}
security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
# As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
# - In the JHipster Registry (which includes a Spring Cloud Config server)
# - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
# - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
base64-secret: MjFhOTY5YjFiYjZjZGM0YTlhZjM1OGYwZmU2MjE1ZTJiNTNmM2Q0OTdiMDhmNDQzNjRjZWQyZDM0YmI0YjkwMGI4ZDc0ZGE0MGM3Yzg0M2U2Y2Q0ZDE4MDcwNzc4ODQyMjczOWYyODNlY2RmOTQzNGQzOTc3NDc0MDdkNjlkN2I=
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
spring:
security:
user:
password: ${global.password}
eureka:
instance:
# not sure the reason for this
prefer-ip-address: true
client:
service-url:
defaultZone: ${global.registry.url}/eureka/
server:
forward-headers-strategy: framework
\ No newline at end of file
jhipster:
cors:
# allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:https://jhipster-registry.192.168.56.1.nip.io:8443}" this is valid expression
allowed-origins: "${JHIPSTER_CORS_ALLOWEDORIGINS:*}"
allowed-methods: "*"
allowed-headers: "*"
exposed-headers: "Authorization,Link,X-Total-Count"
allow-credentials: "true"
max-age: 1800
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- jhipster-registry.${SERVER_HOST}
jhipster-registry:
labels:
- "traefik.enable=true"
- "traefik.http.routers.jhipster-registry.entrypoints=websecure"
- "traefik.http.routers.jhipster-registry.rule=Host(`jhipster-registry.${SERVER_HOST:?err}`)"
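Review bot: The traefik network alias `jhipster-registry.${SERVER_HOST}` has no `:?err` guard while the router rule a few lines below uses `${SERVER_HOST:?err}`; the file still fails fast today because of the rule, but the two forms drift apart easily when a file is copied. Writing `- jhipster-registry.${SERVER_HOST:?err}` here, and in the aliases of the three compose files that follow, keeps the required-variable convention uniform.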
version: "3.8"
services:
## Common structure
traefik:
ports:
- ${HTTPS_PORT:?err}:${HTTPS_PORT:?err}
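Review bot: The port mapping `- ${HTTPS_PORT:?err}:${HTTPS_PORT:?err}` is an unquoted scalar that parses as a string only because it starts with `$`; if someone later replaces the interpolation with a literal below 60 (`22:22`, say), YAML 1.1 parsers read it as a sexagesimal integer. Quoting it, `- "${HTTPS_PORT:?err}:${HTTPS_PORT:?err}"`, removes that dependence, and is the form Compose documentation recommends for port mappings.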
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- iop.${SERVER_HOST}
iop-gateway:
# image: iop-gateway
image: ${DOCKER_REGISTRY_PREFIX}${PROJECT_NAME}/wp5/iop-gateway:${COMPOSE_PROJECT_VERSION:?err}
restart: always
depends_on:
- jhipster-registry
environment:
GLOBAL_PASSWORD: ${ADMIN_PASSWORD}
# GLOBAL_REGISTRY_URL: http://admin:${ADMIN_PASSWORD}@jhipster-registry:8761
JHIPSTER_CORS_ALLOWEDORIGINS: "https://iop.${SERVER_HOST:?err}:${HTTPS_PORT}"
# Unlike the Jhipster registry, for some reason it cannot work without oidc info
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI: ${KEYCLOAK_URL}/auth/realms/jhipster
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID: web-app
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET: web-app
labels:
- "traefik.enable=true"
- "traefik.http.routers.iop-gateway.rule=Host(`secure.iop.${SERVER_HOST:?err}`)"
- "traefik.http.routers.iop-gateway.entrypoints=websecure"
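Review bot: `SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI: ${KEYCLOAK_URL}/auth/realms/jhipster` has no `:?err` guard even though the comment above it says the gateway cannot work without the OIDC settings, and the production `.env` in this commit does not define `KEYCLOAK_URL`, so the issuer silently becomes `/auth/realms/jhipster`; `${KEYCLOAK_URL:?err}` would surface that at `docker-compose up`, and `GLOBAL_PASSWORD: ${ADMIN_PASSWORD}` deserves the same guard. The OIDC client secret is a literal (`web-app` here, `internal` in the optimizer file below) while the prod profile YAML in this commit defaults to `web_app`; taking it from a required variable (e.g. `${OIDC_CLIENT_SECRET:?err}`) keeps the secret out of the compose file and stops the spellings drifting apart. The same two points apply to the optimizer service's environment block at the end of this commit.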
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- jhipster-registry.${SERVER_HOST}
iop-optimizer:
labels:
- "traefik.enable=true"
- "traefik.http.routers.iop-optimizer.entrypoints=websecure"
- "traefik.http.routers.iop-optimizer.rule=Host(`iop.${SERVER_HOST:?err}`)"
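Review bot: The traefik network alias in this file is `jhipster-registry.${SERVER_HOST}` while the only router it defines is the `Host(...)` rule for `iop.${SERVER_HOST:?err}` on iop-optimizer; this looks like a copy of the registry file above, and the alias that lets other containers reach the optimizer through traefik would be `- iop.${SERVER_HOST:?err}`. If the registry alias is intentional here (for the `.env` variant that composes this file without the registry file), a comment saying so would help the next reader.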
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
traefik:
networks:
default:
aliases:
- optimizer.iop.${SERVER_HOST}
iop-optimizer:
image: ${DOCKER_REGISTRY_PREFIX}${PROJECT_NAME}/wp5/iop-optimizer:${COMPOSE_PROJECT_VERSION:?err}
restart: always
environment:
GLOBAL_PASSWORD: ${ADMIN_PASSWORD}
# GLOBAL_REGISTRY_URL: http://admin:${ADMIN_PASSWORD}@jhipster-registry:8761
JHIPSTER_CORS_ALLOWEDORIGINS: "https://iop.${SERVER_HOST:?err}:${HTTPS_PORT}"
# Unlike the Jhipster registry, for some reason it cannot work without oidc info
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI: ${KEYCLOAK_URL}/auth/realms/jhipster
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID: internal
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET: internal
SPRING_PROFILES_ACTIVE: ${IOP_SPRING_PROFILES_ACTIVE:?err}
BACKEND_CATALOG_URL: https://iec.${SERVER_HOST:?err}:${HTTPS_PORT}/services/iecbackend/api/root-services/catalogue
# MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED: "true"
\ No newline at end of file