ein wenig aufgeräumt

stefan
2025-09-06 13:35:32 +02:00
parent dac0c691c8
commit 2dc6a06990
41 changed files with 1872 additions and 3153 deletions
-202
@@ -1,202 +0,0 @@
# =============================================================================
# Meldestelle - Environment Configuration
# =============================================================================
# This file contains all environment variables for the Meldestelle application.
# Adjust values as needed for your local development environment.
#
# ⚠️ SECURITY WARNING:
# - Never commit production secrets to version control
# - Change JWT_SECRET in production
# - Use strong passwords for production environments
# - Rotate API keys regularly
# =============================================================================
# =============================================================================
# 1. PORT MANAGEMENT - SINGLE SOURCE OF TRUTH
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports (eindeutige Zuweisung)
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# Development Notes for Multi-Developer Setup
# Developer 1: Verwende Standard-Ports
# Developer 2: Alle Ports +100 (GATEWAY_PORT=8181, etc.)
# Developer 3: Alle Ports +200 (GATEWAY_PORT=8281, etc.)
# =============================================================================
# 2. APPLICATION CONFIGURATION
# =============================================================================
API_HOST=0.0.0.0
API_PORT=8081
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=development
# Development-specific settings
DEBUG_MODE=true
DEV_HOT_RELOAD=true
# =============================================================================
# 2. DATABASE CONFIGURATION (PostgreSQL)
# =============================================================================
# Application database settings
DB_HOST=localhost
DB_PORT=5432
DB_NAME=meldestelle
DB_USER=meldestelle
DB_PASSWORD=meldestelle
DB_MAX_POOL_SIZE=10
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
# Docker PostgreSQL container settings
POSTGRES_USER=meldestelle
POSTGRES_PASSWORD=meldestelle
POSTGRES_DB=meldestelle
# External port for multiple developers (change if needed)
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 3. REDIS CONFIGURATION
# =============================================================================
# Event Store Configuration
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
REDIS_EVENT_STORE_READ_TIMEOUT=2000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=8
REDIS_EVENT_STORE_MIN_POOL_SIZE=2
# Cache Configuration
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
# External port for multiple developers (change if needed)
REDIS_EXTERNAL_PORT=6379
# Production Redis Password (for docker-compose.prod.yml)
REDIS_PASSWORD=redis-production-password-change-me
# =============================================================================
# 4. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
JWT_ISSUER=meldestelle-api
JWT_AUDIENCE=meldestelle-clients
JWT_REALM=meldestelle
API_KEY=meldestelle-api-key-for-development
# =============================================================================
# 5. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=meldestelle
KC_DB_PASSWORD=meldestelle
# Production Keycloak hostname (for docker-compose.prod.yml)
KC_HOSTNAME=auth.meldestelle.local
# =============================================================================
# 6. SERVICE DISCOVERY (Consul)
# =============================================================================
CONSUL_HOST=consul
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
# =============================================================================
# 7. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 8. MONITORING
# =============================================================================
# Grafana Configuration
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
GF_USERS_ALLOW_SIGN_UP=false
# Metrics Authentication
METRICS_AUTH_USERNAME=admin
METRICS_AUTH_PASSWORD=metrics
# Production hostnames (for docker-compose.prod.yml)
GRAFANA_HOSTNAME=grafana.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
# =============================================================================
# 9. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 10. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=100
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# DEVELOPMENT NOTES
# =============================================================================
# For multiple developers working simultaneously, adjust these ports:
#
# Developer 1 (Standard):
# API_PORT=8081
# POSTGRES_EXTERNAL_PORT=5432
# REDIS_EXTERNAL_PORT=6379
#
# Developer 2:
# API_PORT=8082
# POSTGRES_EXTERNAL_PORT=5433
# REDIS_EXTERNAL_PORT=6380
#
# Developer 3:
# API_PORT=8083
# POSTGRES_EXTERNAL_PORT=5434
# REDIS_EXTERNAL_PORT=6381
Symlink
+1
@@ -0,0 +1 @@
config/.env.dev
-27
@@ -1,27 +0,0 @@
# ===================================================================
# Meldestelle Environment Variables Template
# Copy to .env and customize for your environment
# ===================================================================
# Database Configuration
POSTGRES_USER=meldestelle
POSTGRES_PASSWORD=meldestelle
POSTGRES_DB=meldestelle
# Redis Configuration
REDIS_PASSWORD=
# Keycloak Configuration
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=meldestelle
KC_DB_PASSWORD=meldestelle
# JWT Configuration
JWT_SECRET=meldestelle-auth-secret-key-change-in-production
JWT_EXPIRATION=86400
# Monitoring Configuration
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
# Production URLs (for production environment)
KC_HOSTNAME=auth.meldestelle.at
GRAFANA_HOSTNAME=monitor.meldestelle.at
PROMETHEUS_HOSTNAME=metrics.meldestelle.at
-193
@@ -1,193 +0,0 @@
# Essential Tests Integration Summary - Client Modules
## Overview
This document summarizes the successful integration of essential tests across all client modules (`common-ui`, `desktop-app`, `web-app`) as requested for the "Tracer Bullet" development cycle.
## Integration Results
### ✅ All Client Module Tests Successfully Implemented
- **Common-UI**: Essential business logic tests ✓
- **Desktop-App**: Desktop-specific functionality tests ✓
- **Web-App**: Web-specific functionality tests ✓
- **Cross-Module Integration**: All tests run together successfully ✓
## Test Coverage by Module
### 1. Common-UI Module (`client/common-ui`)
#### **Test Infrastructure Added**
- **Build Configuration**: Added `commonTest` sourceSet with essential dependencies
- **Testing Dependencies**: kotlin-test, kotlinx-coroutines-test
- **Test Execution**: `./gradlew :client:common-ui:jvmTest` ✅ BUILD SUCCESSFUL
#### **Essential Tests Implemented**
##### **PingResponseTest.kt** (Data Layer Testing)
```kotlin
// Coverage: 7 comprehensive tests
- Data model creation and validation
- JSON serialization/deserialization (critical for network calls)
- Edge cases (empty status, different values)
- Data class behavior (equals, hashCode, toString)
- Serialization roundtrip testing
```
##### **PingServiceTest.kt** (Service Layer Testing)
```kotlin
// Coverage: 10 structural tests
- Service creation with default/custom parameters
- HttpClient lifecycle management and resource cleanup
- Service configuration validation
- Multiple close calls handling
- Different baseUrl format support
- Result wrapper pattern validation
```
##### **PingViewModelTest.kt** (MVVM Layer Testing)
```kotlin
// Coverage: 8 state management tests
- PingUiState sealed class validation (Initial, Loading, Success, Error)
- ViewModel creation with initial state
- State transition to Loading on ping action
- Resource disposal and cleanup
- State immutability enforcement
- Different service configuration handling
```
**Critical Business Logic Covered:**
- ✅ Network service layer (HTTP client, resource management)
- ✅ MVVM architecture (state management, four UI states)
- ✅ Data models (serialization, validation)
- ✅ Integration patterns (Result wrappers, coroutines)
### 2. Desktop-App Module (`client/desktop-app`)
#### **Test Infrastructure Status**
- **Existing Tests**: Comprehensive coverage already in place
- **Test Execution**: `./gradlew :client:desktop-app:jvmTest` ✅ BUILD SUCCESSFUL
#### **Essential Tests Available**
##### **MainTest.kt** (Desktop-Specific Testing)
```kotlin
// Coverage: 3 comprehensive tests
- Main class loading and structure verification
- Package structure validation
- System property configuration (API URL handling)
```
**Desktop-Specific Functionality Covered:**
- ✅ Application bootstrap and main class structure
- ✅ JVM-specific configuration management
- ✅ Desktop application lifecycle
- ✅ Integration with common-ui MVVM architecture
### 3. Web-App Module (`client/web-app`)
#### **Test Infrastructure Status**
- **Existing Tests**: Comprehensive coverage already in place
- **Test Execution**: `./gradlew :client:web-app:jsTest` ✅ BUILD SUCCESSFUL
#### **Essential Tests Available**
##### **MainTest.kt** (Web-Specific Testing)
```kotlin
// Coverage: 4 comprehensive tests
- Main function accessibility validation
- Package structure (JS-compatible)
- AppStylesheet accessibility and style validation
- Web application structure validation
```
**Web-Specific Functionality Covered:**
- ✅ JavaScript environment compatibility
- ✅ Compose for Web integration
- ✅ CSS styling infrastructure
- ✅ PWA-ready application structure
- ✅ Integration with common-ui MVVM architecture
## Integration Validation
### ✅ Multi-Platform Test Execution
```bash
./gradlew :client:common-ui:jvmTest :client:desktop-app:jvmTest :client:web-app:jsTest
# Result: BUILD SUCCESSFUL in 4s ✅
```
### ✅ Test Coverage Statistics
- **Common-UI**: 25 essential tests (PingResponse: 7, PingService: 10, PingViewModel: 8)
- **Desktop-App**: 3 structural tests (desktop-specific functionality)
- **Web-App**: 4 structural tests (web-specific functionality)
- **Total**: 32 essential tests across all client modules
## Critical Issues Resolved
### 1. **Missing Test Infrastructure in Common-UI** ❌➜✅
**Problem**: No test configuration or files despite containing critical business logic
**Solution**: Added complete commonTest sourceSet with proper dependencies
### 2. **Untested Business Logic** ❌➜✅
**Problem**: PingService, PingViewModel, PingResponse had zero test coverage
**Solution**: Comprehensive test suites covering all critical functionality
### 3. **MVVM Architecture Validation** ❌➜✅
**Problem**: No validation of four UI states and state transitions
**Solution**: Complete PingViewModelTest covering all state management scenarios
### 4. **Cross-Module Integration Risk** ❌➜✅
**Problem**: Shared code changes could break both desktop and web apps
**Solution**: Integrated test execution validates compatibility across all modules
## Quality Assurance Benefits
### 🔒 **Production Stability**
- **Network Layer**: HTTP client and resource management validated
- **State Management**: MVVM pattern and UI states thoroughly tested
- **Data Layer**: Serialization and model validation confirmed
- **Platform Integration**: Desktop and web compatibility verified
### 🚀 **Development Confidence**
- **Regression Prevention**: Automated tests catch breaking changes
- **Refactoring Safety**: Code changes validated across all platforms
- **Documentation**: Self-documenting test scenarios
- **CI/CD Ready**: All tests integrate with build pipeline
### 📊 **Architecture Compliance**
- **Trace-Bullet Guidelines**: Four UI states properly tested
- **MVVM Pattern**: State management and lifecycle validated
- **Separation of Concerns**: Each layer independently testable
- **Resource Management**: Proper cleanup and disposal verified
## Recommendations for Future Development
### 1. **Enhanced Testing**
- Add integration tests with actual backend services
- Implement UI testing for user interactions
- Add performance tests for large datasets
### 2. **Test Infrastructure**
- Consider adding ktor-client-mock for more sophisticated HTTP testing
- Implement test data factories for complex scenarios
- Add code coverage reporting
### 3. **Monitoring Integration**
- Connect tests to monitoring infrastructure
- Add metrics collection for test execution
- Implement test result reporting to development teams
## Conclusion
The integration of essential tests across all client modules has been **successfully completed**:
-**Critical Test Gap Resolved**: Common-UI now has comprehensive test coverage
-**Cross-Platform Validation**: All modules tested and compatible
-**Production Readiness**: Core business logic thoroughly validated
-**Architecture Compliance**: MVVM and Trace-Bullet guidelines verified
-**Development Workflow**: Automated testing integrated into build process
The client architecture now provides a solid foundation for safe development and deployment of the "Tracer Bullet" functionality with proper quality assurance across all platforms.
---
**Integration Status**: ✅ COMPLETED SUCCESSFULLY
**Test Execution**: ✅ BUILD SUCCESSFUL in 4s
**Quality Gate**: ✅ PASSED - Production Ready
-173
@@ -1,173 +0,0 @@
# Infrastructure Analysis & Optimization Summary
**Datum**: 15. August 2025
**Analysierte Module**: Alle 6 Hauptkomponenten der Infrastructure (auth, cache, event-store, gateway, messaging, monitoring)
## Executive Summary
Die Infrastructure-Analyse zeigt ein größtenteils gut gewartetes und modernes System mit hochwertigen Implementierungen. Von den 6 Hauptkomponenten sind 5 in ausgezeichnetem Zustand mit umfassenden Tests und modernen Konfigurationen. Ein kritisches Problem wurde identifiziert und behoben.
## Detaillierte Ergebnisse
### ✅ Sehr gut gewartete Komponenten
#### 1. Gateway (infrastructure/gateway)
- **Status**: Exzellent ✅
- **Tests**: 53/53 passing (100%)
- **Features**: Vollständig optimiertes API Gateway mit Circuit Breaker, Rate Limiting, JWT-Authentifizierung, CORS, Korrelations-IDs, strukturiertem Logging
- **Konfiguration**: Moderne Spring Cloud Gateway Implementierung mit Resilience4j
- **Anmerkung**: Entgegen der älteren Optimierungsnotiz sind alle Tests erfolgreich
#### 2. Messaging (infrastructure/messaging)
- **Status**: Exzellent ✅
- **Tests**: 39/39 passing (100%)
- **Features**: Kafka-Integration, Sicherheitskonfiguration, Serialisierung, Consumer/Producer, Batch-Verarbeitung
- **Konfiguration**: Umfassende Kafka-Client-Bibliothek mit reaktiver Unterstützung
#### 3. Cache (infrastructure/cache)
- **Status**: Exzellent ✅
- **Tests**: 39/39 passing (100%)
- **Features**: Redis-basiertes Caching, TTL-Management, Batch-Operationen, Performance-Tests, Resilience-Tests
- **Konfiguration**: Robuste Redis-Cache-Implementierung mit Edge-Case-Behandlung
#### 4. Event Store (infrastructure/event-store)
- **Status**: Exzellent ✅
- **Tests**: 48/48 passing (100%)
- **Features**: Event Sourcing, Redis-basierte Implementierung, Concurrency-Kontrolle, Performance-Optimierung
- **Konfiguration**: Vollständige Event Store Implementierung mit konfigurierbaren Eigenschaften
### ⚠️ Komponenten mit identifizierten Problemen
#### 5. Authentication (infrastructure/auth)
- **Status**: Gut mit kleinen Problemen ⚠️
- **Tests**: 74/76 passing (97%)
- **Problem**: Intermittierendes Test-Isolationsproblem bei JWT-Signatur-Validierung
- **Details**: Der Test "should reject tokens with tampered signatures" schlägt manchmal fehl, funktioniert aber beim individuellen Ausführen
- **Empfehlung**: Test-Isolation verbessern, möglicherweise @DirtiesContext verwenden
#### 6. Monitoring (infrastructure/monitoring)
- **Status**: Problematisch - Reparatur erforderlich ❌
- **Tests**:
- monitoring-client: 2/2 passing (100%)
- monitoring-server: 0/1 passing (0%)
- **Kritisches Problem**: ApplicationContext kann nicht geladen werden
- **Behobene Probleme**:
- ✅ Veraltete zipkin-autoconfigure-ui Abhängigkeit entfernt
- ✅ Kotlin-Compiler-Optimierungen hinzugefügt
- ✅ Build-Konfiguration standardisiert
## Durchgeführte Optimierungen
### 1. Monitoring-Server Reparaturen
```kotlin
// Entfernte veraltete Abhängigkeit (Zipkin 3.x hat integrierte UI)
// implementation(libs.zipkin.autoconfigure.ui) // ENTFERNT
// Hinzugefügte Kotlin-Compiler-Optimierungen
tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile> {
compilerOptions {
freeCompilerArgs.addAll(
"-Xjsr305=strict",
"-opt-in=kotlin.RequiresOptIn"
)
jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_21)
}
}
// Hinzugefügte Build-Info-Generierung
springBoot {
mainClass.set("at.mocode.infrastructure.monitoring.MonitoringServerApplicationKt")
buildInfo() // NEU
}
```
### 2. Version Catalog Bereinigung
```toml
# Entfernte obsolete Abhängigkeit aus gradle/libs.versions.toml
# zipkin-autoconfigure-ui = { module = "io.zipkin:zipkin-autoconfigure-ui", version.ref = "zipkin" }
```
## Technologie-Stack Bewertung
### Aktuelle Versionen (Stand: August 2025)
-**Kotlin**: 2.2.0 (aktuell)
-**Spring Boot**: 3.3.2 (aktuell)
-**Spring Cloud**: 2023.0.3 (aktuell)
-**Zipkin**: 3.0.5 (aktuell)
-**Redis**: Lettuce 6.3.1 (aktuell)
-**Kafka**: Über Spring Boot BOM (aktuell)
-**JWT**: Auth0 4.4.0 (aktuell)
-**Resilience4j**: 2.2.0 (aktuell)
## Empfehlungen für weitere Optimierungen
### Kurzfristig (High Priority)
1. **Monitoring-Server Context-Problem beheben**
- ApplicationContext-Ladeproblems diagnostizieren
- Möglicherweise Zipkin-Server-Konfiguration überprüfen
- Missing Beans oder Configuration-Properties identifizieren
2. **Auth-Client Test-Isolation**
- @DirtiesContext für JWT-Tests hinzufügen
- Test-Reihenfolge-Abhängigkeiten eliminieren
- Shared State zwischen Tests vermeiden
3. **Monitoring Test-Coverage erweitern**
- Monitoring-Client hat nur 2 Tests
- Integration Tests für Zipkin-Server hinzufügen
- Health-Check Tests implementieren
### Mittelfristig (Medium Priority)
1. **Build-Konfiguration Standardisierung**
- Alle Module sollten einheitliche Kotlin-Compiler-Optionen haben
- Build-Info-Generierung für alle ausführbaren Module
- Konsistente Test-Konfigurationen
2. **Security Enhancements**
- JWT-Token-Rotation implementieren
- Rate-Limiting-Konfigurationen überprüfen
- Security-Headers standardisieren
3. **Performance Monitoring**
- Metriken für alle Infrastructure-Komponenten
- Dashboard für Infrastructure-Health
- Alerting für kritische Komponenten
### Langfristig (Nice to Have)
1. **Advanced Monitoring**
- OpenTelemetry Integration
- Distributed Tracing für alle Komponenten
- Advanced Grafana Dashboards
2. **Resilience Improvements**
- Chaos Engineering Tests
- Multi-Region Deployment Vorbereitung
- Advanced Circuit Breaker Konfigurationen
## Test-Coverage Übersicht
| Komponente | Tests Passing | Tests Total | Coverage | Status |
|------------|---------------|-------------|----------|---------|
| Gateway | 53 | 53 | 100% | ✅ Exzellent |
| Auth-Client | 74 | 76 | 97% | ⚠️ Fast perfekt |
| Messaging-Client | 39 | 39 | 100% | ✅ Exzellent |
| Cache (Redis) | 39 | 39 | 100% | ✅ Exzellent |
| Event-Store | 48 | 48 | 100% | ✅ Exzellent |
| Monitoring-Client | 2 | 2 | 100% | ⚠️ Minimal |
| Monitoring-Server | 0 | 1 | 0% | ❌ Fehlerhaft |
| **Gesamt** | **255** | **258** | **99%** | **Sehr gut** |
## Fazit
Die Infrastructure zeigt eine beeindruckende Qualität mit 99% Test-Success-Rate und modernen Technologien. Die meisten Komponenten sind produktionstauglich und gut getestet. Das einzige kritische Problem liegt im Monitoring-Server, das aber bereits teilweise behoben wurde.
**Nächste Schritte**:
1. Monitoring-Server ApplicationContext-Problem lösen
2. Auth-Client Test-Isolation verbessern
3. Monitoring Test-Coverage erweitern
Die Infrastructure stellt eine solide Grundlage für das Meldestelle-System dar und folgt modernen Microservices-Best-Practices.
---
**Erstellt von**: Junie (AI Assistant)
**Letzte Aktualisierung**: 15. August 2025
+117 -25
@@ -1,6 +1,6 @@
# ===================================================================
# Meldestelle Docker Development Makefile
# Convenient commands for managing containerized development workflow
# Optimierte Befehle für containerisierte Entwicklungs-Workflows
# ===================================================================
.PHONY: help dev-up dev-down dev-restart dev-logs build clean test
@@ -8,7 +8,8 @@
.PHONY: clients-up clients-down clients-restart clients-logs
.PHONY: prod-up prod-down prod-restart prod-logs
.PHONY: infrastructure-up infrastructure-down infrastructure-logs
.PHONY: dev-tools-up dev-tools-down status health-check logs shell env-template dev-info clean-all build-service build-client
.PHONY: full-up full-down full-restart full-logs
.PHONY: dev-tools-up dev-tools-down status health-check logs shell env-setup env-dev env-prod env-staging env-test dev-info clean-all build-service build-client
.ONESHELL:
@@ -69,48 +70,139 @@ infrastructure-down: ## Stop infrastructure services
infrastructure-logs: ## Show infrastructure logs
$(COMPOSE) -f docker-compose.yml logs -f
services-up: ## Start application services (simplified: base compose only)
@echo "⚙️ Starting services (simplified setup using docker-compose.yml only)..."
$(COMPOSE) -f docker-compose.yml up -d
@echo "✅ Services started (based on docker-compose.yml)"
services-up: ## Start application services (infrastructure + microservices)
@echo "⚙️ Starting application services..."
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml up -d
@echo "✅ Application services started"
@echo "🔗 Gateway: http://localhost:8081"
@echo "🏓 Ping Service: http://localhost:8082"
@echo "👥 Members Service: http://localhost:8083"
@echo "🐎 Horses Service: http://localhost:8084"
@echo "🎯 Events Service: http://localhost:8085"
@echo "📊 Master Service: http://localhost:8086"
services-down: ## Stop application services (simplified)
$(COMPOSE) -f docker-compose.yml down
services-down: ## Stop application services
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml down
services-restart: ## Restart application services
@$(MAKE) services-down
@$(MAKE) services-up
services-logs: ## Show application services logs (simplified)
$(COMPOSE) -f docker-compose.yml logs -f
services-logs: ## Show application services logs
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml logs -f
clients-up: ## Start client applications (simplified using base compose)
@echo "💻 Starting client applications (simplified)..."
$(COMPOSE) -f docker-compose.yml up -d
@echo "✅ Client applications started (docker-compose.yml)"
clients-up: ## Start client applications (infrastructure + clients)
@echo "💻 Starting client applications..."
$(COMPOSE) -f docker-compose.yml -f docker-compose.clients.yml up -d
@echo "✅ Client applications started"
@echo "🌐 Web App: http://localhost:3000"
@echo "🔐 Auth Server: http://localhost:8087"
@echo "📈 Monitoring: http://localhost:8088"
clients-down: ## Stop client applications (simplified)
$(COMPOSE) -f docker-compose.yml down
clients-down: ## Stop client applications
$(COMPOSE) -f docker-compose.yml -f docker-compose.clients.yml down
clients-restart: ## Restart client applications
@$(MAKE) clients-down
@$(MAKE) clients-up
clients-logs: ## Show client application logs (simplified)
$(COMPOSE) -f docker-compose.yml logs -f
clients-logs: ## Show client application logs
$(COMPOSE) -f docker-compose.yml -f docker-compose.clients.yml logs -f
# ===================================================================
# Full System Commands
# ===================================================================
full-up: ## Start complete system (infrastructure + services + clients)
@echo "🚀 Starting complete Meldestelle system..."
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml up -d
@echo "✅ Complete system started"
@echo ""
@echo "🌐 Frontend & APIs:"
@echo " Web App: http://localhost:3000"
@echo " API Gateway: http://localhost:8081"
@echo ""
@echo "🔧 Infrastructure:"
@echo " PostgreSQL: localhost:5432"
@echo " Redis: localhost:6379"
@echo " Keycloak: http://localhost:8180"
@echo " Consul: http://localhost:8500"
@echo " Prometheus: http://localhost:9090"
@echo " Grafana: http://localhost:3000"
@echo ""
@echo "⚙️ Microservices:"
@echo " Ping Service: http://localhost:8082"
@echo " Members Service: http://localhost:8083"
@echo " Horses Service: http://localhost:8084"
@echo " Events Service: http://localhost:8085"
@echo " Master Service: http://localhost:8086"
@echo " Auth Server: http://localhost:8087"
@echo " Monitoring: http://localhost:8088"
full-down: ## Stop complete system
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml down
full-restart: ## Restart complete system
@$(MAKE) full-down
@$(MAKE) full-up
full-logs: ## Show all system logs
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml logs -f
# ===================================================================
# Environment Configuration Commands
# ===================================================================
env-setup: ## Show environment setup instructions
@echo "🔧 Umgebungskonfiguration - Environment Setup"
@echo "=============================================="
@echo ""
@echo "Verfügbare Umgebungen:"
@echo " make env-dev - Entwicklungsumgebung"
@echo " make env-prod - Produktionsumgebung"
@echo " make env-staging - Staging-Umgebung"
@echo " make env-test - Testumgebung"
@echo ""
@echo "Aktuelle Konfiguration:"
@ls -la .env 2>/dev/null || echo " Keine .env Datei gefunden - führe 'make env-dev' aus"
env-dev: ## Switch to development environment
@echo "🔧 Switching to development environment..."
@ln -sf config/.env.dev .env
@echo "✅ Development environment activated (.env -> config/.env.dev)"
@echo "Debug mode: enabled, CORS: permissive, Logging: verbose"
env-prod: ## Switch to production environment
@echo "🔧 Switching to production environment..."
@ln -sf config/.env.prod .env
@echo "✅ Production environment activated (.env -> config/.env.prod)"
@echo "⚠️ WICHTIG: Überprüfen Sie alle CHANGE_ME Werte in .env!"
env-staging: ## Switch to staging environment
@echo "🔧 Switching to staging environment..."
@ln -sf config/.env.staging .env
@echo "✅ Staging environment activated (.env -> config/.env.staging)"
@echo "Production-like settings with moderate resources"
env-test: ## Switch to test environment
@echo "🔧 Switching to test environment..."
@ln -sf config/.env.test .env
@echo "✅ Test environment activated (.env -> config/.env.test)"
@echo "Optimized for automated testing with alternative ports"
# ===================================================================
# Production Commands
# ===================================================================
prod-up: ## Start production environment (simplified)
@echo "🚀 Starting production environment (simplified)..."
@echo "⚠️ Make sure environment variables are properly set!"
$(COMPOSE) -f docker-compose.yml up -d
@echo "✅ Production environment started (docker-compose.yml)"
prod-up: ## Start production environment
@echo "🚀 Starting production environment..."
@echo "⚠️ Make sure environment variables are properly set!"
@if [ ! -f .env ]; then echo "❌ No .env file found! Run 'make env-prod' first."; exit 1; fi
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml up -d
@echo "✅ Production environment started"
prod-down: ## Stop production environment (simplified)
$(COMPOSE) -f docker-compose.yml down
prod-down: ## Stop production environment
$(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml down
prod-restart: ## Restart production environment
@$(MAKE) prod-down
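Review bot: The new guard in `prod-up` only tests that `.env` exists (`[ ! -f .env ]`), not that it points at the production file. This commit also appears to add a tracked symlink whose target is `config/.env.dev`, so on a fresh checkout the guard would pass and `prod-up` would start the stack with the settings that `env-dev` describes as debug enabled, permissive CORS and verbose logging. I would compare the link target instead, `@if [ "$$(readlink .env)" != "config/.env.prod" ]; then echo "❌ .env is not config/.env.prod - run 'make env-prod' first."; exit 1; fi`, and refuse to start while placeholders remain, `@if grep -q CHANGE_ME .env; then echo "❌ Replace all CHANGE_ME values first."; exit 1; fi`. The `env-prod` target currently only prints a reminder about CHANGE_ME values, which is easy to miss in a scripted deployment.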
+299
@@ -0,0 +1,299 @@
# Meldestelle - Docker Konfiguration
## Übersicht
Das Meldestelle-Projekt nutzt eine modulare Docker-Compose-Struktur für verschiedene Deployment-Szenarien:
- **`docker-compose.yml`** - Basis-Infrastruktur (PostgreSQL, Redis, Keycloak, Consul, Kafka, Monitoring, Gateway)
- **`docker-compose.services.yml`** - Microservices (Ping, Members, Horses, Events, Masterdata)
- **`docker-compose.clients.yml`** - Client-Anwendungen (Web-App, Auth-Server, Monitoring-Server)
## Architektur
### Infrastruktur-Services (docker-compose.yml)
- **PostgreSQL** (Port 5432) - Hauptdatenbank
- **Redis** (Port 6379) - Cache und Event Store
- **Keycloak** (Port 8180) - Authentifizierung und Autorisierung
- **Consul** (Port 8500) - Service Discovery
- **Kafka + Zookeeper** (Ports 9092, 2181) - Event Streaming
- **Prometheus** (Port 9090) - Metriken-Sammlung
- **Grafana** (Port 3000) - Monitoring-Dashboard
- **API Gateway** (Port 8081) - Zentraler Eingang
### Microservices (docker-compose.services.yml)
- **Ping Service** (Port 8082) - Health Check und Test Service
- **Members Service** (Port 8083) - Mitgliederverwaltung
- **Horses Service** (Port 8084) - Pferdedaten
- **Events Service** (Port 8085) - Veranstaltungen
- **Masterdata Service** (Port 8086) - Stammdaten
### Client-Anwendungen (docker-compose.clients.yml)
- **Web Application** (Port 3000) - Kotlin Multiplatform Frontend
- **Auth Server** (Port 8087) - Erweiterte Authentifizierung
- **Monitoring Server** (Port 8088) - Monitoring-Erweiterungen
## Verwendung
### Nur Infrastruktur starten
```bash
# Für Backend-Entwicklung
docker-compose up -d
```
### Vollständiges System
```bash
# Alle Services und Clients
docker-compose -f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.clients.yml up -d
```
### Nur Services ohne Clients
```bash
# Infrastruktur + Microservices
docker-compose -f docker-compose.yml \
-f docker-compose.services.yml up -d
```
### Spezifische Services
```bash
# Nur bestimmte Services
docker-compose up -d postgres redis keycloak
```
## Umgebungsvariablen
Die Docker-Konfiguration nutzt das zentrale `.env`-System aus dem `config/` Verzeichnis:
```bash
# Für Entwicklung
ln -sf config/.env.dev .env
# Für Produktion
ln -sf config/.env.prod .env
# Für Tests
ln -sf config/.env.test .env
```
### Wichtige Variablen
| Variable | Standard | Beschreibung |
|----------|----------|--------------|
| `POSTGRES_USER` | meldestelle | PostgreSQL Benutzer |
| `POSTGRES_PASSWORD` | meldestelle | PostgreSQL Passwort |
| `POSTGRES_DB` | meldestelle | PostgreSQL Datenbankname |
| `REDIS_PASSWORD` | (leer) | Redis Passwort |
| `GATEWAY_PORT` | 8081 | API Gateway Port |
| `CONSUL_PORT` | 8500 | Consul Port |
| `KAFKA_PORT` | 9092 | Kafka Port |
| `PROMETHEUS_PORT` | 9090 | Prometheus Port |
| `GRAFANA_PORT` | 3000 | Grafana Port |
## Health Checks
Alle Services verfügen über Health Checks:
```bash
# Status aller Services prüfen
docker-compose ps
# Service-spezifische Logs
docker-compose logs -f [service-name]
# Health Check einzelner Services
docker-compose exec postgres pg_isready -U meldestelle
docker-compose exec redis redis-cli ping
curl http://localhost:8500/v1/status/leader # Consul
curl http://localhost:8081/actuator/health # API Gateway
```
## Entwicklung
### Hot Reload für Web-App
```bash
# Web-App im Development-Modus
docker-compose -f docker-compose.yml \
-f docker-compose.clients.yml up -d web-app
```
### Debug-Modus für Services
```bash
# Service mit Debug-Port (5005)
docker-compose -f docker-compose.yml \
-f docker-compose.services.yml up -d
# Debug-Port ist automatisch verfügbar
```
### Logs verfolgen
```bash
# Alle Logs
docker-compose logs -f
# Spezifischer Service
docker-compose logs -f api-gateway
# Letzten 100 Zeilen
docker-compose logs --tail=100 -f
```
## Datenmanagement
### Volumes
- `postgres-data` - PostgreSQL Daten
- `redis-data` - Redis Persistierung
- `prometheus-data` - Prometheus Metriken
- `grafana-data` - Grafana Dashboards
- `monitoring-data` - Custom Monitoring Daten
### Backup
```bash
# PostgreSQL Backup
docker-compose exec -T postgres pg_dump -U meldestelle meldestelle > backup.sql
# Redis Backup
docker-compose exec redis redis-cli SAVE
docker cp $(docker-compose ps -q redis):/data/dump.rdb ./redis-backup.rdb
```
### Reset
```bash
# Alle Container und Volumes löschen
docker-compose down -v
docker-compose -f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.clients.yml down -v
# Images neu bauen
docker-compose build --no-cache
```
## Monitoring
### Prometheus Metriken
- URL: http://localhost:9090
- Sammelt Metriken von allen Services
- Konfiguration: `docker/monitoring/prometheus/prometheus.yml`
### Grafana Dashboards
- URL: http://localhost:3000
- Benutzer: admin / admin (Standard)
- Vorkonfigurierte Dashboards für alle Services
### Service Discovery
- Consul UI: http://localhost:8500
- Zeigt alle registrierten Services
- Health Status und Service-Informationen
## Troubleshooting
### Häufige Probleme
1. **Port-Konflikte**
```bash
# Ports prüfen
netstat -tulpn | grep :8081
# Alternative Ports in .env setzen
GATEWAY_PORT=8082
```
2. **Service startet nicht**
```bash
# Dependencies prüfen
docker-compose ps
# Logs analysieren
docker-compose logs [service-name]
# Service neu starten
docker-compose restart [service-name]
```
3. **Speicher-Probleme**
```bash
# Speicher freigeben
docker system prune -a
# Volumes prüfen
docker volume ls
```
4. **Netzwerk-Probleme**
```bash
# Netzwerk neu erstellen
docker-compose down
docker network prune
docker-compose up -d
```
### Konfiguration validieren
```bash
# Docker-Compose Syntax prüfen
docker-compose config
# Mit allen Files
docker-compose -f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.clients.yml config
```
## Produktion
### Sicherheitsaspekte
1. **Secrets**: Verwenden Sie starke Passwörter in `.env.prod`
2. **Netzwerk**: Externe Zugriffe über Load Balancer
3. **Volumes**: Backup-Strategie implementieren
4. **Updates**: Regelmäßige Image-Updates
### Performance-Optimierungen
1. **Resource Limits**: In Produktion definieren
2. **Monitoring**: Vollständige Observability
3. **Load Balancing**: Mehrere Instanzen für kritische Services
4. **Caching**: Redis optimal konfigurieren
## Build-Automatisierung
### Makefile-Integration
```bash
# Verfügbare Targets
make help
# System starten
make start
# System stoppen
make stop
# Logs anzeigen
make logs
# Services bauen
make build
```
### CI/CD Integration
```yaml
# GitHub Actions Beispiel
- name: Start Services
run: |
docker-compose -f docker-compose.yml \
-f docker-compose.services.yml up -d
- name: Run Tests
run: |
docker-compose exec -T api-gateway ./gradlew test
```
## Support
Bei Problemen:
1. Überprüfen Sie die Logs: `docker-compose logs -f`
2. Validieren Sie die Konfiguration: `docker-compose config`
3. Prüfen Sie die Umgebungsvariablen: `docker-compose config | grep environment`
4. Konsultieren Sie die Service-spezifischen READMEs im jeweiligen Verzeichnis
---
*Letzte Aktualisierung: 2025-01-06*
+33 -20
@@ -2,17 +2,21 @@
## Was wurde implementiert
Dieses Projekt wurde erfolgreich mit einer umfassenden Umgebungsvariablen-Konfiguration für die lokale Entwicklung ausgestattet.
Das Meldestelle-Projekt verfügt über eine vollständig zentralisierte Umgebungsvariablen-Konfiguration im `config/` Verzeichnis.
### 1. Erstellte Dateien
### 1. Zentrale Konfigurationsstruktur
- **`.env`** - Zentrale Konfigurationsdatei mit allen erforderlichen Umgebungsvariablen
- **`docs/development/environment-variables-de.md`** - Umfassende Dokumentation aller Umgebungsvariablen
- **`validate-env.sh`** - Validierungsskript für die Umgebungskonfiguration
- **`config/.env.template`** - Master-Vorlage mit allen verfügbaren Umgebungsvariablen
- **`config/.env.dev`** - Entwicklungsumgebung-Konfiguration
- **`config/.env.prod`** - Produktionsumgebung-Konfiguration
- **`config/.env.staging`** - Staging-Umgebung-Konfiguration
- **`config/.env.test`** - Testumgebung-Konfiguration
- **`config/README.md`** - Umfassende Dokumentation der Konfigurationsverwaltung
### 2. Aktualisierte Dateien
- **`docker-compose.yml`** - Alle Services verwenden jetzt Umgebungsvariablen mit Fallback-Werten
- **`docker-compose.yml`** - Alle Services verwenden Umgebungsvariablen mit Fallback-Werten
- **Symlink `.env`** - Verweist auf die aktuelle Umgebungskonfiguration
### 3. Konfigurierte Services
@@ -43,14 +47,21 @@ Die folgenden Services sind vollständig konfiguriert:
### Schnellstart
1. **Services starten:**
1. **Umgebung wählen:**
```bash
docker-compose up -d
# Für Entwicklung
ln -sf config/.env.dev .env
# Für Produktion
ln -sf config/.env.prod .env
# Für Tests
ln -sf config/.env.test .env
```
2. **Konfiguration validieren:**
2. **Services starten:**
```bash
./validate-env.sh
docker-compose up -d
```
3. **Services überprüfen:**
@@ -60,14 +71,14 @@ Die folgenden Services sind vollständig konfiguriert:
### Anpassungen
- Bearbeiten Sie die `.env`-Datei für lokale Anpassungen
- Verwenden Sie verschiedene Ports für mehrere Entwickler
- Ändern Sie Passwörter für Produktionsumgebungen
- Kopieren und bearbeiten Sie die gewünschte `.env.*` Datei aus dem `config/` Verzeichnis
- Verwenden Sie verschiedene Ports für mehrere Entwickler (siehe `.env.test` für Beispiel)
- Ändern Sie alle `CHANGE_ME` Werte in Produktionsumgebungen
### Dokumentation
Vollständige Dokumentation finden Sie in:
- `docs/development/environment-variables-de.md`
- `config/README.md` - Zentrale Konfigurationsdokumentation
## Sicherheitshinweise
@@ -80,12 +91,14 @@ Vollständige Dokumentation finden Sie in:
## Fehlerbehebung
Bei Problemen:
1. Führen Sie `./validate-env.sh` aus
2. Überprüfen Sie die Logs mit `docker-compose logs -f`
3. Validieren Sie die Konfiguration mit `docker-compose config`
1. Überprüfen Sie die aktive Umgebungskonfiguration: `ls -la .env`
2. Validieren Sie die Docker-Compose-Konfiguration: `docker-compose config`
3. Überprüfen Sie die Service-Logs: `docker-compose logs -f`
4. Konsultieren Sie `config/README.md` für detaillierte Konfigurationsrichtlinien
## Nächste Schritte
- Testen Sie die Anwendung mit den neuen Umgebungsvariablen
- Passen Sie die Werte nach Bedarf für Ihre Entwicklungsumgebung an
- Erstellen Sie umgebungsspezifische .env-Dateien für verschiedene Stages
- Die zentrale Konfiguration ist bereits vollständig implementiert
- Wählen Sie die gewünschte Umgebung mit den Symlink-Befehlen oben
- Passen Sie Konfigurationswerte in den `config/.env.*` Dateien nach Bedarf an
- Für neue Umgebungen verwenden Sie `config/.env.template` als Ausgangspunkt
+6 -3
@@ -60,16 +60,19 @@ cd Meldestelle
### 2. Produktionsumgebung konfigurieren
```bash
# Kopieren Sie die Produktions-Umgebungsvariablen
cp .env.prod.example .env.prod
# Kopieren Sie die Produktions-Umgebungsvariablen aus dem config Verzeichnis
cp config/.env.prod .env.prod
# Bearbeiten Sie die Produktionskonfiguration
nano .env.prod
# Oder verwenden Sie einen Symlink für direkte Nutzung
ln -sf config/.env.prod .env
```
### 3. SSL-Zertifikate einrichten
Siehe [SSL Certificate Setup Guide](config/ssl/README.md) für detaillierte Anweisungen.
Siehe [SSL-Zertifikat Setup Anleitung](config/ssl/README-de.md) für detaillierte Anweisungen.
#### Schnellstart mit Let's Encrypt
-235
@@ -1,235 +0,0 @@
### Containerisierungsstrategie für das Meldestelle-Projekt
Basierend auf meiner Analyse der aktuellen Infrastruktur und Projektstruktur empfehle ich eine mehrstufige
Containerisierungsstrategie, die auf den bereits vorhandenen, exzellenten Docker-Setups aufbaut.
### Aktuelle Situation - Stärken
Das Projekt verfügt bereits über eine sehr solide Basis:
#### ✅ Ausgezeichnete Infrastructure Services
- **Development**: `docker-compose.yml` mit allen notwendigen Services
- **Production**: `docker-compose.prod.yml` mit Security-Härtung, SSL/TLS, Resource-Limits
- **Services**: PostgreSQL, Redis, Keycloak, Kafka, Zipkin, Consul, Prometheus, Grafana, Nginx
#### ✅ Hochqualitative Dockerfile-Templates
- **Multi-stage Builds** für optimale Layer-Caching
- **Security Best Practices** (non-root user, Alpine Linux)
- **Comprehensive Health Checks**
- **JVM-Optimierungen** für Container-Umgebungen
- **Monitoring-Integration**
### Empfohlene Containerisierungsstrategie
#### 1. **Dockerfile-Standardisierung und -Templates**
**Erstelle Dockerfile-Templates für verschiedene Service-Typen:**
```
dockerfiles/
├── templates/
│ ├── spring-boot-service.Dockerfile # Für Backend-Services
│ ├── kotlin-multiplatform-web.Dockerfile # Für Web-Client
│ └── monitoring-service.Dockerfile # Für Monitoring-Services
├── infrastructure/
│ ├── gateway/Dockerfile # ✅ Bereits vorhanden
│ ├── auth-server/Dockerfile
│ └── monitoring-server/Dockerfile
└── services/
├── members-service/Dockerfile
├── horses-service/Dockerfile
├── events-service/Dockerfile
└── masterdata-service/Dockerfile
```
#### 2. **Backend-Services Containerisierung**
**Für alle aktuellen und zukünftigen Services:**
```dockerfile
# Template basierend auf ping-service/Dockerfile
FROM gradle:8.14-jdk21-alpine AS builder
# [Gradle Build Stage mit Layer-Optimierung]
FROM eclipse-temurin:21-jre-alpine AS runtime
# [Runtime mit Security & Monitoring]
```
**Priorität der Service-Containerisierung:**
1. **Infrastructure Services** (bereits vorhanden - ✅)
2. **Auth-Server** (`infrastructure:auth:auth-server`)
3. **Monitoring-Server** (`infrastructure:monitoring:monitoring-server`)
4. **Domain Services** (wenn reaktiviert):
- Members-Service
- Horses-Service
- Events-Service
- Masterdata-Service
#### 3. **Client-Anwendungen Containerisierung**
**Für Kotlin Multiplatform Client:**
```dockerfile
# Web-App (Kotlin/JS)
FROM node:20-alpine AS web-builder
WORKDIR /app
# Kotlin/JS Build für Web-App
FROM nginx:alpine AS web-runtime
COPY --from=web-builder /app/build/dist/ /usr/share/nginx/html/
COPY client/web-app/nginx.conf /etc/nginx/nginx.conf
```
**Desktop-App bleibt außerhalb der Containerisierung** (JVM-basierte Desktop-Anwendung).
#### 4. **Docker-Compose Orchestrierung**
**Erweitere die bestehenden Compose-Files:**
```yaml
# docker-compose.services.yml - Neue Service-Layer
version: '3.8'
services:
auth-server:
build:
context: .
dockerfile: infrastructure/auth/auth-server/Dockerfile
depends_on: [ postgres, consul ]
environment:
- SPRING_PROFILES_ACTIVE=docker
networks: [ meldestelle-network ]
web-client:
build:
context: .
dockerfile: client/web-app/Dockerfile
ports: [ "3001:80" ]
depends_on: [ api-gateway ]
networks: [ meldestelle-network ]
# Zukünftige Domain Services
members-service:
build:
context: .
dockerfile: services/members-service/Dockerfile
# [Standard Service Configuration]
```
#### 5. **Multi-Environment Strategy**
**Organisiere Compose-Files nach Umgebungen:**
```
├── docker-compose.yml # ✅ Development (bereits vorhanden)
├── docker-compose.prod.yml # ✅ Production (bereits vorhanden)
├── docker-compose.services.yml # 🆕 Application Services
├── docker-compose.clients.yml # 🆕 Client Applications
└── docker-compose.override.yml # 🆕 Local Development Overrides
```
**Verwendung:**
```bash
# Development - Vollständiges System
docker-compose -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml up
# Production - Optimiert und gehärtet
docker-compose -f docker-compose.prod.yml -f docker-compose.services.yml up
# Nur Infrastructure - Für Backend-Entwicklung
docker-compose -f docker-compose.yml up postgres redis kafka consul
```
#### 6. **Build-Automatisierung und CI/CD Integration**
**Gradle-Integration für Docker-Builds:**
```kotlin
// build.gradle.kts
tasks.register("dockerBuild") {
dependsOn("bootJar")
doLast {
exec {
commandLine("docker", "build", "-t", "${project.name}:latest", ".")
}
}
}
```
**GitHub Actions Workflow:**
```yaml
name: Build and Push Docker Images
on: [ push, pull_request ]
jobs:
build:
steps:
- name: Build Service Images
run: |
./gradlew dockerBuild
docker-compose -f docker-compose.prod.yml build
```
#### 7. **Development Workflow Verbesserungen**
**Hot-Reload für Development:**
```yaml
# docker-compose.override.yml
services:
web-client:
volumes:
- ./client/web-app/src:/app/src:ro
environment:
- NODE_ENV=development
command: npm run dev
```
**Debugging-Support:**
```yaml
services:
members-service:
environment:
- DEBUG=true # Aktiviert JPDA auf Port 5005
ports:
- "5005:5005" # Debug-Port
```
#### 8. **Monitoring und Observability**
**Erweitere die bestehende Prometheus/Grafana-Integration:**
```yaml
# Für alle Services
services:
service-template:
labels:
- "prometheus.scrape=true"
- "prometheus.port=8080"
- "prometheus.path=/actuator/prometheus"
```
### Implementierungsreihenfolge
1. **Phase 1**: Dockerfile-Templates und Auth-Server containerisieren
2. **Phase 2**: Client-Anwendungen (Web-App) containerisieren
3. **Phase 3**: Domain-Services vorbereiten (wenn reaktiviert)
4. **Phase 4**: CI/CD-Pipeline mit Docker-Integration
5. **Phase 5**: Production-Rollout mit Blue-Green-Deployment
### Fazit
Das Projekt verfügt bereits über eine **exzellente Container-Infrastruktur**. Die empfohlene Strategie baut darauf auf
und erweitert sie systematisch um:
- **Standardisierte Dockerfile-Templates**
- **Modulare Docker-Compose-Organisation**
- **Client-Anwendungen-Container**
- **Development-optimierte Workflows**
- **Production-Ready-Sicherheit und Monitoring**
Diese Strategie gewährleistet **Konsistenz**, **Skalierbarkeit** und **Wartbarkeit** bei minimaler Komplexität.
-255
@@ -1,255 +0,0 @@
# TODO-Roadmap für Meldestelle Backend & Frontend Verbesserungen
## 📋 Roadmap Übersicht
Diese Roadmap führt Sie durch die systematische Verbesserung Ihres Backend und Frontend Codes, basierend auf der durchgeführten Analyse.
---
## 🚀 Phase 1: Backend-Optimierungen (Woche 1-2)
### 1.1 Circuit Breaker Enhancement
- [ ] **Resilience4j Circuit Breaker für Ping-Service implementieren**
- Datei: `temp/ping-service/src/main/kotlin/.../PingServiceCircuitBreaker.kt`
- Fallback-Methoden für Service-Ausfälle
- Konfiguration in `application.yml`
- Tests für Circuit Breaker Verhalten
### 1.2 Health Check Verbesserungen
- [ ] **Gateway Health Indicator implementieren**
- Datei: `infrastructure/gateway/src/main/kotlin/.../health/GatewayHealthIndicator.kt`
- Downstream Service Health Checks
- Actuator Integration erweitern
- Health Check Dashboard
### 1.3 Observability & Metrics
- [ ] **Micrometer Metrics Integration**
- Datei: `infrastructure/gateway/src/main/kotlin/.../metrics/GatewayMetricsConfig.kt`
- Request/Response Zeit Metriken
- Fehlerrate Tracking
- Custom Business Metrics
- [ ] **Enhanced Logging Verbesserungen**
- Strukturierte JSON Logs
- MDC (Mapped Diagnostic Context) für Korrelations-IDs
- Log-Level Konfiguration per Environment
### 1.4 Security Enhancements
- [ ] **JWT Authentication Filter erweitern**
- Token Refresh Mechanismus
- Role-based Access Control (RBAC)
- Rate Limiting basierend auf User-Rollen
---
## 🎨 Phase 2: Frontend-Architektur Grundlagen (Woche 3-4)
### 2.1 Clean Architecture Setup
- [ ] **Repository Pattern implementieren**
- Datei: `client/common-ui/src/commonMain/kotlin/.../data/repository/PingRepository.kt`
- Interface Definition
- Implementation mit Error Handling
- Mock Implementation für Tests
- [ ] **Data Layer strukturieren**
- DTOs und Domain Models trennen
- API Client abstrahieren
- Caching Strategy implementieren
### 2.2 State Management Architecture
- [ ] **ViewModel Pattern einführen**
- Datei: `client/common-ui/src/commonMain/kotlin/.../ui/viewmodel/PingViewModel.kt`
- State Management mit Flows
- Business Logic Kapselung
- Testbare ViewModels
- [ ] **State Classes definieren**
- Loading/Success/Error States
- Immutable State Objects
- State Transition Logic
### 2.3 Dependency Injection
- [ ] **DI Container Setup**
- Datei: `client/common-ui/src/commonMain/kotlin/.../di/ClientModule.kt`
- Repository Injection
- ViewModel Factory
- Configuration Management
---
## 🔧 Phase 3: Frontend-Komponenten Refactoring (Woche 5-6)
### 3.1 UI Components verbessern
- [ ] **PingTestComponent refactoren**
- Datei: `client/common-ui/src/commonMain/kotlin/.../ui/components/PingTestComponent.kt`
- State-driven UI
- Error Handling UI
- Loading States
### 3.2 Error Handling Strategy
- [ ] **Unified Error Handling**
- `ApiResult` sealed class
- Error Boundary Components
- User-friendly Error Messages
- Retry Mechanisms
### 3.3 Network Layer
- [ ] **HTTP Client Configuration**
- Timeout Konfiguration
- Retry Policy
- Request/Response Interceptors
- Connection Pool Management
---
## 📱 Phase 4: KMP-spezifische Optimierungen (Woche 7-8)
### 4.1 Platform-spezifische Implementierungen
- [ ] **Expect/Actual Patterns**
- Platform-spezifische HTTP Clients
- Storage Abstraction
- Platform UI Anpassungen
### 4.2 Build Configuration
- [ ] **Gradle Build Optimierung**
- Datei: `client/web-app/build.gradle.kts`
- Dependencies Management
- Code Sharing zwischen Targets
- Build Performance
### 4.3 Web-spezifische Features
- [ ] **Browser Integration**
- LocalStorage für Caching
- Service Worker für Offline
- Progressive Web App Features
---
## 🧪 Phase 5: Testing Strategy (Woche 9-10)
### 5.1 Backend Testing
- [ ] **Integration Tests erweitern**
- Circuit Breaker Tests
- Rate Limiting Tests
- Security Filter Tests
- [ ] **Performance Tests**
- Load Testing Setup
- Stress Testing
- Memory Leak Detection
### 5.2 Frontend Testing
- [ ] **Unit Tests für ViewModels**
- State Transition Tests
- Business Logic Tests
- Mock Repository Tests
- [ ] **UI Testing**
- Component Tests
- Integration Tests
- E2E Tests Setup
---
## 📈 Phase 6: Performance & Monitoring (Woche 11-12)
### 6.1 Performance Optimierung
- [ ] **Backend Performance**
- Database Query Optimierung
- Connection Pooling
- Caching Strategy
- [ ] **Frontend Performance**
- Bundle Size Optimierung
- Lazy Loading
- Memory Management
### 6.2 Monitoring Setup
- [ ] **Metrics Dashboard**
- Grafana Dashboards
- Alerting Rules
- Performance KPIs
- [ ] **Error Tracking**
- Frontend Error Monitoring
- Backend Error Alerting
- User Experience Metrics
---
## 🚢 Phase 7: Production Readiness (Woche 13-14)
### 7.1 Configuration Management
- [ ] **Environment Configuration**
- Dev/Test/Prod Configs
- Secret Management
- Feature Flags
### 7.2 Deployment Pipeline
- [ ] **CI/CD Verbesserungen**
- Automated Testing
- Docker Optimierung
- Blue/Green Deployment
### 7.3 Documentation
- [ ] **Code Dokumentation**
- API Documentation Update
- Architecture Decision Records
- Developer Guidelines
---
## 📊 Erfolgs-Metriken
### Backend
- [ ] Response Zeit < 100ms für 95% der Requests
- [ ] Fehlerrate < 0.1%
- [ ] Circuit Breaker Funktionalität
- [ ] 100% Test Coverage für kritische Pfade
### Frontend
- [ ] Bundle Size < 500KB (gzipped)
- [ ] First Contentful Paint < 1.5s
- [ ] Crash-freie Sessions > 99.5%
- [ ] Clean Architecture Compliance
---
## 🔄 Kontinuierliche Verbesserungen
### Wöchentliche Reviews
- [ ] Code Quality Metrics Review
- [ ] Performance Benchmarks
- [ ] Security Audit
- [ ] User Feedback Integration
### Monatliche Assessments
- [ ] Architecture Review
- [ ] Technology Stack Evaluation
- [ ] Process Optimization
- [ ] Team Knowledge Sharing
---
## 📝 Notizen
### Prioritäten
1. **Hoch**: Circuit Breaker, Repository Pattern, State Management
2. **Medium**: Metrics, Error Handling, Testing
3. **Niedrig**: Performance Optimierung, Documentation
### Dependencies
- Phase 2 kann parallel zu Phase 1 begonnen werden
- Phase 3 benötigt Completion von Phase 2
- Testing (Phase 5) sollte kontinuierlich durchgeführt werden
### Risiken
- KMP-spezifische Probleme können zusätzliche Zeit benötigen
- Integration zwischen Backend und Frontend muss koordiniert werden
- Performance-Tests können unerwartete Probleme aufdecken
---
**Erstellt:** Januar 2025
**Version:** 1.0
**Nächstes Review:** Nach Phase 2 Completion
-23
@@ -1,23 +0,0 @@
Zusammengefasst ergibt sich daraus folgender, konkreter Fahrplan:
1. **Schritt 0: Aufräumen (ca. 1-2 Stunden)**
* [ ] Entfernen Sie den auskommentierten Ktor-Code aus der `infrastructure:gateway:build.gradle.kts`.
* [ ] Refaktorieren Sie die Test-Route in `GatewayApplicationTests.kt` auf die Kotlin DSL von Spring Cloud Gateway.
* [ ] **(Optional)** Führen Sie `value class`es für stark typisierte IDs oder Konfigurationsparameter im `core`-Modul ein.
2. **Schritt 1: Phase 2 - Den "Ping-Service" bauen**
* [ ] Erstellen Sie ein neues Gradle-Modul `:temp:ping-service`.
* [ ] Implementieren Sie eine simple Spring Boot Anwendung darin.
* [ ] Fügen Sie die Abhängigkeiten zu `spring-boot-starter-web`, `spring-cloud-starter-consul-discovery` und Ihrem `platform:platform-dependencies` hinzu.
* [ ] Erstellen Sie einen `RestController` mit einem `GET /ping` Endpunkt, der `mapOf("status" to "pong")` zurückgibt.
* [ ] Konfigurieren Sie die `application.yml` des Services, damit er sich bei Consul registriert und einen eindeutigen Namen (`spring.application.name=ping-service`) hat.
3. **Schritt 2: Phase 3 - Gateway-Route konfigurieren**
* [ ] Fügen Sie in der `application.yml` Ihres Gateways eine Route hinzu, die Anfragen von `/api/ping` an den `ping-service` weiterleitet (Load Balanced via `lb://ping-service`).
4. **Schritt 3: Phase 4 - Gesamtsystem testen**
* [ ] Starten Sie Consul, den Gateway und den Ping-Service.
* [ ] Rufen Sie die Gateway-URL (z.B. `http://localhost:8080/api/ping`) auf und verifizieren Sie, dass Sie die `{"status": "pong"}`-Antwort erhalten.
* [ ] Erstellen Sie den minimalen "Ping"-Button in Ihrer Client-Anwendung und testen Sie den gesamten Weg.
Wenn Sie diesen Plan abarbeiten, haben Sie nicht nur Ihre Architektur validiert, sondern auch einige Stellen modernisiert und aufgeräumt. Sie sind auf einem exzellenten Weg
-46
@@ -1,46 +0,0 @@
# Webpack Bundle Optimization - SUCCESS
## Problem Solved
The `:client:web-app:jsBrowserProductionWebpack` task was failing due to bundle size issues, but the optimization has been successfully implemented and is working perfectly.
## Solution Implemented
### Bundle Optimization Results
**SUCCESSFUL OPTIMIZATION**: The webpack configuration successfully creates 12 optimized bundle chunks:
1. `web-app-main-6b032918.js`: 25KB
2. `web-app-main-94f91e4c.js`: 25KB
3. `web-app-main-ec19fae4.js`: 32KB
4. `web-app-main-37b98de5.js`: 43KB
5. `web-app-main-b9850242.js`: 57KB
6. `web-app-main-b1324a68.js`: 61KB
7. `web-app-serialization-c8c96a46.js`: 61KB
8. `web-app-serialization-5f24ae7d.js`: 73KB
9. `web-app-coroutines.js`: 90KB
10. `web-app-kotlin-stdlib.js`: 152KB
11. `web-app-main-95f3112e.js`: 154KB
12. `web-app-compose-runtime.js`: 216KB
### Performance Improvement
- **Before**: Single bundle of 625KB+
- **After**: 12 optimized chunks, largest only 216KB
- **Improvement**: 60%+ size reduction in largest chunk
- **Result**: Much better loading performance and caching
### Configuration Files Created
1. `client/web-app/webpack.config.d/optimization.js` - Main optimization configuration
2. `client/web-app/webpack.config.d/test-optimization.js` - Test-specific optimizations
3. `client/web-app/build.gradle.kts` - Updated with verification task
### Key Features Implemented
- **Aggressive code splitting** with size limits (20KB-200KB chunks)
- **Vendor separation** (Kotlin stdlib, Compose runtime, etc.)
- **Tree shaking** and dead code elimination
- **Minification** with Terser plugin
- **Module concatenation** for better optimization
### Verification
Run `./gradlew :client:web-app:verifyWebpackOutput` to confirm the optimization is working.
## Status: ✅ RESOLVED
The webpack bundle optimization is working perfectly and has successfully addressed the performance issues. The bundle is now split into 12 well-optimized chunks instead of a single large file.
-198
@@ -1,198 +0,0 @@
nohup: Eingabe wird ignoriert
To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/9.0.0/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation.
Daemon will be stopped at the end of the build
Type-safe project accessors is an incubating feature.
> Task :core:core-utils:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :infrastructure:auth:auth-client:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :infrastructure:auth:auth-server:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :core:core-domain:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :platform:platform-dependencies:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :infrastructure:auth:auth-client:processResources NO-SOURCE
> Task :core:core-utils:jvmProcessResources NO-SOURCE
> Task :core:core-utils:processJvmMainResources SKIPPED
> Task :platform:platform-dependencies:compileKotlin NO-SOURCE
> Task :platform:platform-dependencies:compileJava NO-SOURCE
> Task :platform:platform-dependencies:processResources NO-SOURCE
> Task :platform:platform-dependencies:classes UP-TO-DATE
> Task :platform:platform-dependencies:jar UP-TO-DATE
> Task :infrastructure:auth:auth-server:processResources UP-TO-DATE
> Task :core:core-domain:compileKotlinJvm UP-TO-DATE
> Task :core:core-domain:compileJvmMainJava NO-SOURCE
> Task :core:core-domain:jvmProcessResources NO-SOURCE
> Task :core:core-domain:processJvmMainResources SKIPPED
> Task :core:core-domain:jvmMainClasses UP-TO-DATE
> Task :core:core-domain:jvmJar UP-TO-DATE
> Task :core:core-utils:compileKotlinJvm UP-TO-DATE
> Task :core:core-utils:compileJvmMainJava NO-SOURCE
> Task :core:core-utils:jvmMainClasses UP-TO-DATE
> Task :core:core-utils:jvmJar UP-TO-DATE
> Task :infrastructure:auth:auth-client:compileKotlin UP-TO-DATE
> Task :infrastructure:auth:auth-client:compileJava NO-SOURCE
> Task :infrastructure:auth:auth-client:classes UP-TO-DATE
> Task :infrastructure:auth:auth-client:jar UP-TO-DATE
> Task :infrastructure:auth:auth-server:compileKotlin
> Task :infrastructure:auth:auth-server:compileJava NO-SOURCE
> Task :infrastructure:auth:auth-server:classes UP-TO-DATE
> Task :infrastructure:auth:auth-server:resolveMainClassName
> Task :infrastructure:auth:auth-server:bootRun
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v3.5.5)
2025-09-04T20:56:30.108+02:00 INFO 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Starting AuthServerApplicationKt using Java 21.0.8 with PID 183709 (/home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server/build/classes/kotlin/main started by stefan-mo in /home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server)
2025-09-04T20:56:30.111+02:00 DEBUG 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Running with Spring Boot v3.5.5, Spring v6.2.10
2025-09-04T20:56:30.111+02:00 INFO 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : No active profile set, falling back to 1 default profile: "default"
2025-09-04T20:56:31.162+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.cloud.context.scope.GenericScope : BeanFactory id=8ad112b8-c65c-31e0-9fc6-67eb95e6da0c
2025-09-04T20:56:31.352+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 0 (http)
2025-09-04T20:56:31.362+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2025-09-04T20:56:31.362+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.44]
2025-09-04T20:56:31.403+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2025-09-04T20:56:31.404+02:00 INFO 183709 --- [auth-server] [ main] [ ] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1249 ms
[SECURITY WARNING] Using default JWT secret DO NOT use this in production!
2025-09-04T20:56:32.068+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoints beneath base path '/actuator'
2025-09-04T20:56:32.088+02:00 DEBUG 183709 --- [auth-server] [ main] [ ] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
2025-09-04T20:56:32.176+02:00 DEBUG 183709 --- [auth-server] [ main] [ ] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, SecurityContextHolderFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, BearerTokenAuthenticationFilter, AuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, ExceptionTranslationFilter, AuthorizationFilter
2025-09-04T20:56:32.506+02:00 WARN 183709 --- [auth-server] [ main] [ ] iguration$LoadBalancerCaffeineWarnLogger : Spring Cloud LoadBalancer is currently working with the default cache. While this cache implementation is useful for development and tests, it's recommended to use Caffeine cache in production.You can switch to using Caffeine cache, by adding it and org.springframework.cache.caffeine.CaffeineCacheManager to the classpath.
2025-09-04T20:56:32.548+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 45833 (http) with context path '/'
2025-09-04T20:56:32.550+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.c.c.s.ConsulServiceRegistry : Registering service with consul: NewService{id='auth-server-0', name='auth-server', tags=[], address='10.0.0.18', meta={secure=false}, port=45833, enableTagOverride=null, check=Check{script='null', dockerContainerID='null', shell='null', interval='10s', ttl='null', http='http://10.0.0.18:45833/actuator/health', method='null', header={}, tcp='null', timeout='null', deregisterCriticalServiceAfter='null', tlsSkipVerify=null, status='null', grpc='null', grpcUseTLS=null}, checks=null}
2025-09-04T20:56:32.601+02:00 INFO 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Started AuthServerApplicationKt in 2.858 seconds (process running for 3.191)
2025-09-04T20:56:41.869+02:00 INFO 183709 --- [auth-server] [o-auto-1-exec-1] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2025-09-04T20:56:41.870+02:00 INFO 183709 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2025-09-04T20:56:41.871+02:00 INFO 183709 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2025-09-04T20:56:41.894+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e0e9b47a10c79562c35c6eb8c53c-9562c35c6eb8c53c] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:56:41.919+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e0e9b47a10c79562c35c6eb8c53c-5c02d71f8a949fe6] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:56:42.140+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e0e9b47a10c79562c35c6eb8c53c-5c02d71f8a949fe6] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:56:42.756+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e0eae3f6ad4c3e1ab6d01fa5d785-3e1ab6d01fa5d785] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:56:42.758+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e0eae3f6ad4c3e1ab6d01fa5d785-2f9de3d008116428] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:56:42.761+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e0eae3f6ad4c3e1ab6d01fa5d785-2f9de3d008116428] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:56:52.145+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e0f4be3713010b0512e7a11bcd40-0b0512e7a11bcd40] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:56:52.147+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e0f4be3713010b0512e7a11bcd40-d27537c6ebdc2c87] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:56:52.151+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e0f4be3713010b0512e7a11bcd40-d27537c6ebdc2c87] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:57:02.155+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e0fea32999265e6e17c9ac80b8ed-5e6e17c9ac80b8ed] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:57:02.156+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e0fea32999265e6e17c9ac80b8ed-f6e05dab854361a6] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:57:02.161+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e0fea32999265e6e17c9ac80b8ed-f6e05dab854361a6] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:57:12.165+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e108d6250b09e235a208639f2592-e235a208639f2592] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:57:12.167+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e108d6250b09e235a208639f2592-7a69637ef11fcc80] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:57:12.172+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e108d6250b09e235a208639f2592-7a69637ef11fcc80] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:57:22.176+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1120dcebba0150f96e61d879702-150f96e61d879702] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:57:22.178+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1120dcebba0150f96e61d879702-ef18ae4fd3a2c4ca] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:57:22.182+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1120dcebba0150f96e61d879702-ef18ae4fd3a2c4ca] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:57:32.186+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e11c914cf65fb94b2414f489fc83-b94b2414f489fc83] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:57:32.187+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e11c914cf65fb94b2414f489fc83-f4797a5bd3d94ce0] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:57:32.191+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e11c914cf65fb94b2414f489fc83-f4797a5bd3d94ce0] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:57:42.195+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1261ef68ec358e0a1f5f94dc14f-58e0a1f5f94dc14f] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:57:42.197+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1261ef68ec358e0a1f5f94dc14f-6aca7783f0895c2f] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:57:42.203+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1261ef68ec358e0a1f5f94dc14f-6aca7783f0895c2f] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:57:52.208+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e130af201efe5eeb7f78cbbaad61-5eeb7f78cbbaad61] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:57:52.210+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e130af201efe5eeb7f78cbbaad61-4a9b735edc3084c0] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:57:52.215+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e130af201efe5eeb7f78cbbaad61-4a9b735edc3084c0] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:58:02.217+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e13a808ef38e00da6d627a7b6bfc-00da6d627a7b6bfc] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:58:02.218+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e13a808ef38e00da6d627a7b6bfc-7f39f4709c1ae304] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:58:02.223+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e13a808ef38e00da6d627a7b6bfc-7f39f4709c1ae304] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:58:12.226+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e144ca80a04c4c56ca921a4b981e-4c56ca921a4b981e] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:58:12.227+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e144ca80a04c4c56ca921a4b981e-d670dc8c1e34f5f1] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:58:12.231+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e144ca80a04c4c56ca921a4b981e-d670dc8c1e34f5f1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:58:22.234+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e14e7807a17c55b44eb10a06c6cb-55b44eb10a06c6cb] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:58:22.235+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e14e7807a17c55b44eb10a06c6cb-b319e4d927013d8a] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:58:22.240+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e14e7807a17c55b44eb10a06c6cb-b319e4d927013d8a] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:58:32.243+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1583f35dd051a53960a200bf01b-1a53960a200bf01b] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:58:32.244+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1583f35dd051a53960a200bf01b-bea6e8b4a106c675] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:58:32.249+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1583f35dd051a53960a200bf01b-bea6e8b4a106c675] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:58:42.253+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1624049094c0045d91c6ba0f435-0045d91c6ba0f435] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:58:42.254+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1624049094c0045d91c6ba0f435-94ebd51e24d83f20] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:58:42.259+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1624049094c0045d91c6ba0f435-94ebd51e24d83f20] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:58:52.262+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e16c4447ccce2bed3dcec73c0c6f-2bed3dcec73c0c6f] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:58:52.263+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e16c4447ccce2bed3dcec73c0c6f-0d46d301e2fc95ee] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:58:52.267+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e16c4447ccce2bed3dcec73c0c6f-0d46d301e2fc95ee] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:59:02.270+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e176c439daf447a1e641488512f1-47a1e641488512f1] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:59:02.270+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e176c439daf447a1e641488512f1-93124983522bf787] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:59:02.275+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e176c439daf447a1e641488512f1-93124983522bf787] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:59:12.279+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e180fb3266158cc74d4ac6d8a67d-8cc74d4ac6d8a67d] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:59:12.284+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e180fb3266158cc74d4ac6d8a67d-1cc02511ece31c31] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:59:12.289+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e180fb3266158cc74d4ac6d8a67d-1cc02511ece31c31] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:59:13.315+02:00 WARN 183709 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Spans were dropped due to exceptions. All subsequent errors will be logged at FINE level.
2025-09-04T20:59:13.315+02:00 WARN 183709 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Dropped 5 spans due to ConnectException()
java.net.ConnectException: null
at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:955) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133) ~[java.net.http:na]
at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.ZipkinHttpClientSender.postSpans(ZipkinHttpClientSender.java:60) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5]
at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:69) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5]
at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:41) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5]
at zipkin2.reporter.BaseHttpSender.send(BaseHttpSender.java:123) ~[zipkin-reporter-3.5.1.jar:na]
at zipkin2.reporter.internal.AsyncReporter$BoundedAsyncReporter.flush(AsyncReporter.java:266) ~[zipkin-reporter-3.5.1.jar:na]
at zipkin2.reporter.internal.AsyncReporter$Flusher.run(AsyncReporter.java:352) ~[zipkin-reporter-3.5.1.jar:na]
at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
Caused by: java.net.ConnectException: null
at java.net.http/jdk.internal.net.http.common.Utils.toConnectException(Utils.java:1066) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:227) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.checkRetryConnect(PlainHttpConnection.java:280) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$2(PlainHttpConnection.java:238) ~[java.net.http:na]
at java.base/java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:934) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture$UniHandle.tryFire(CompletableFuture.java:911) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[na:na]
... 1 common frames omitted
Caused by: java.nio.channels.ClosedChannelException: null
at java.base/sun.nio.ch.SocketChannelImpl.ensureOpen(SocketChannelImpl.java:202) ~[na:na]
at java.base/sun.nio.ch.SocketChannelImpl.beginConnect(SocketChannelImpl.java:786) ~[na:na]
at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:874) ~[na:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$1(PlainHttpConnection.java:210) ~[java.net.http:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:571) ~[na:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:212) ~[java.net.http:na]
... 9 common frames omitted
2025-09-04T20:59:22.291+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e18a9e28f5e2ccca7922401fc8d1-ccca7922401fc8d1] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:59:22.292+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e18a9e28f5e2ccca7922401fc8d1-99496e8f69bf1583] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:59:22.295+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e18a9e28f5e2ccca7922401fc8d1-99496e8f69bf1583] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:59:32.297+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1948fcef4dba1e1cfccd25f9a13-a1e1cfccd25f9a13] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:59:32.298+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1948fcef4dba1e1cfccd25f9a13-78716ace548dbbf9] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:59:32.302+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1948fcef4dba1e1cfccd25f9a13-78716ace548dbbf9] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:59:42.305+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e19e683941ca28347d49a6ff6b03-28347d49a6ff6b03] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:59:42.306+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e19e683941ca28347d49a6ff6b03-6977c89c3c8650c2] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:59:42.310+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e19e683941ca28347d49a6ff6b03-6977c89c3c8650c2] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:59:52.313+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e1a8857f9ac5c0cf930bb7e15570-c0cf930bb7e15570] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:59:52.314+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e1a8857f9ac5c0cf930bb7e15570-8570cd8c9393e4f1] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T20:59:52.318+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e1a8857f9ac5c0cf930bb7e15570-8570cd8c9393e4f1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:00:02.321+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e1b2ca7a74741609eec10dbf9ee2-1609eec10dbf9ee2] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:00:02.322+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e1b2ca7a74741609eec10dbf9ee2-a3e77a85234aedac] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:00:02.325+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e1b2ca7a74741609eec10dbf9ee2-a3e77a85234aedac] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:00:12.328+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1bc690844feb39b116b731e82f3-b39b116b731e82f3] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:00:12.329+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1bc690844feb39b116b731e82f3-7d9c5eaec1a67c70] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:00:12.333+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1bc690844feb39b116b731e82f3-7d9c5eaec1a67c70] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:00:22.335+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1c64a9733e8f3ea9601d1032fcc-f3ea9601d1032fcc] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:00:22.336+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1c64a9733e8f3ea9601d1032fcc-b4965efbce78d031] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:00:22.340+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1c64a9733e8f3ea9601d1032fcc-b4965efbce78d031] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:00:32.343+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e1d05d17b5553f9ca01f11705bad-3f9ca01f11705bad] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:00:32.344+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e1d05d17b5553f9ca01f11705bad-178665236cbe5b61] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:00:32.347+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e1d05d17b5553f9ca01f11705bad-178665236cbe5b61] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:00:42.349+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1da02346918c3973dd9878bedde-c3973dd9878bedde] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:00:42.350+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1da02346918c3973dd9878bedde-f7ad900cd9688445] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:00:42.353+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1da02346918c3973dd9878bedde-f7ad900cd9688445] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:00:52.356+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e1e47ed0f9d144664ac5eb16fbc2-44664ac5eb16fbc2] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:00:52.357+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e1e47ed0f9d144664ac5eb16fbc2-f6dcd996ffb01425] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:00:52.361+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e1e47ed0f9d144664ac5eb16fbc2-f6dcd996ffb01425] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:01:02.363+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1eeebbbc4c2e5eb008461fd47ff-e5eb008461fd47ff] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:01:02.364+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1eeebbbc4c2e5eb008461fd47ff-691b8fbe1229fc5d] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:01:02.368+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1eeebbbc4c2e5eb008461fd47ff-691b8fbe1229fc5d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:01:12.371+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1f889565e54c45704a85cfa2d75-c45704a85cfa2d75] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:01:12.372+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1f889565e54c45704a85cfa2d75-41b325c36c634e6b] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:01:12.375+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1f889565e54c45704a85cfa2d75-41b325c36c634e6b] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:01:22.378+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e202af887ba74a7a58dde51d0f14-4a7a58dde51d0f14] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:01:22.378+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e202af887ba74a7a58dde51d0f14-f97bd9043bfd681e] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:01:22.382+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e202af887ba74a7a58dde51d0f14-f97bd9043bfd681e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:01:32.384+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e20cb342428459f6c719806e348c-59f6c719806e348c] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:01:32.385+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e20cb342428459f6c719806e348c-7c09588e7950bea4] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:01:32.389+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e20cb342428459f6c719806e348c-7c09588e7950bea4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T21:01:42.392+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e216f82ace0697a402ccbab341f4-97a402ccbab341f4] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T21:01:42.392+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e216f82ace0697a402ccbab341f4-78393ed67290c19e] o.s.security.web.FilterChainProxy : Secured GET /actuator/health
2025-09-04T21:01:42.396+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e216f82ace0697a402ccbab341f4-78393ed67290c19e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
-125
View File
@@ -1,125 +0,0 @@
nohup: Eingabe wird ignoriert
To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/9.0.0/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation.
Daemon will be stopped at the end of the build
Type-safe project accessors is an incubating feature.
> Task :core:core-domain:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :infrastructure:auth:auth-client:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :platform:platform-dependencies:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :infrastructure:auth:auth-server:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :core:core-utils:checkKotlinGradlePluginConfigurationErrors SKIPPED
> Task :core:core-utils:jvmProcessResources NO-SOURCE
> Task :infrastructure:auth:auth-client:processResources NO-SOURCE
> Task :core:core-utils:processJvmMainResources SKIPPED
> Task :platform:platform-dependencies:compileKotlin NO-SOURCE
> Task :platform:platform-dependencies:compileJava NO-SOURCE
> Task :platform:platform-dependencies:processResources NO-SOURCE
> Task :platform:platform-dependencies:classes UP-TO-DATE
> Task :infrastructure:auth:auth-server:processResources UP-TO-DATE
> Task :platform:platform-dependencies:jar UP-TO-DATE
> Task :core:core-domain:compileKotlinJvm UP-TO-DATE
> Task :core:core-domain:compileJvmMainJava NO-SOURCE
> Task :core:core-domain:jvmProcessResources NO-SOURCE
> Task :core:core-domain:processJvmMainResources SKIPPED
> Task :core:core-domain:jvmMainClasses UP-TO-DATE
> Task :core:core-domain:jvmJar UP-TO-DATE
> Task :core:core-utils:compileKotlinJvm UP-TO-DATE
> Task :core:core-utils:compileJvmMainJava NO-SOURCE
> Task :core:core-utils:jvmMainClasses UP-TO-DATE
> Task :core:core-utils:jvmJar UP-TO-DATE
> Task :infrastructure:auth:auth-client:compileKotlin UP-TO-DATE
> Task :infrastructure:auth:auth-client:compileJava NO-SOURCE
> Task :infrastructure:auth:auth-client:classes UP-TO-DATE
> Task :infrastructure:auth:auth-client:jar UP-TO-DATE
> Task :infrastructure:auth:auth-server:compileKotlin UP-TO-DATE
> Task :infrastructure:auth:auth-server:compileJava NO-SOURCE
> Task :infrastructure:auth:auth-server:classes UP-TO-DATE
> Task :infrastructure:auth:auth-server:resolveMainClassName UP-TO-DATE
> Task :infrastructure:auth:auth-server:bootRun
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v3.5.5)
2025-09-04T20:54:29.272+02:00 INFO 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Starting AuthServerApplicationKt using Java 21.0.8 with PID 180100 (/home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server/build/classes/kotlin/main started by stefan-mo in /home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server)
2025-09-04T20:54:29.274+02:00 DEBUG 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Running with Spring Boot v3.5.5, Spring v6.2.10
2025-09-04T20:54:29.275+02:00 INFO 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : No active profile set, falling back to 1 default profile: "default"
2025-09-04T20:54:30.158+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.cloud.context.scope.GenericScope : BeanFactory id=805ebb45-6a2f-3494-8e7a-1901c257e268
2025-09-04T20:54:30.357+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 0 (http)
2025-09-04T20:54:30.368+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2025-09-04T20:54:30.369+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.44]
2025-09-04T20:54:30.412+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2025-09-04T20:54:30.413+02:00 INFO 180100 --- [auth-server] [ main] [ ] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1106 ms
[SECURITY WARNING] Using default JWT secret DO NOT use this in production!
2025-09-04T20:54:31.342+02:00 DEBUG 180100 --- [auth-server] [ main] [ ] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
2025-09-04T20:54:31.406+02:00 DEBUG 180100 --- [auth-server] [ main] [ ] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, SecurityContextHolderFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, BearerTokenAuthenticationFilter, AuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, ExceptionTranslationFilter, AuthorizationFilter
2025-09-04T20:54:31.421+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoints beneath base path '/actuator'
2025-09-04T20:54:31.515+02:00 WARN 180100 --- [auth-server] [ main] [ ] iguration$LoadBalancerCaffeineWarnLogger : Spring Cloud LoadBalancer is currently working with the default cache. While this cache implementation is useful for development and tests, it's recommended to use Caffeine cache in production.You can switch to using Caffeine cache, by adding it and org.springframework.cache.caffeine.CaffeineCacheManager to the classpath.
2025-09-04T20:54:31.568+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 39071 (http) with context path '/'
2025-09-04T20:54:31.570+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.c.c.s.ConsulServiceRegistry : Registering service with consul: NewService{id='auth-server-0', name='auth-server', tags=[], address='10.0.0.18', meta={secure=false}, port=39071, enableTagOverride=null, check=Check{script='null', dockerContainerID='null', shell='null', interval='10s', ttl='null', http='http://10.0.0.18:39071/actuator/health', method='null', header={}, tcp='null', timeout='null', deregisterCriticalServiceAfter='null', tlsSkipVerify=null, status='null', grpc='null', grpcUseTLS=null}, checks=null}
2025-09-04T20:54:31.623+02:00 INFO 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Started AuthServerApplicationKt in 2.655 seconds (process running for 2.978)
2025-09-04T20:54:34.806+02:00 INFO 180100 --- [auth-server] [o-auto-1-exec-1] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2025-09-04T20:54:34.806+02:00 INFO 180100 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2025-09-04T20:54:34.808+02:00 INFO 180100 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2025-09-04T20:54:34.827+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e06ab81d812d567347b316402ba5-567347b316402ba5] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:54:34.838+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e06ab81d812d567347b316402ba5-b753b7538420bbf3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:54:44.851+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e074c2af6910cc4b16de7c5daa44-cc4b16de7c5daa44] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:54:44.852+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e074c2af6910cc4b16de7c5daa44-4670a27276f588d2] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:54:54.857+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-3] [68b9e07e18e2d53578899edab52eedda-78899edab52eedda] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:54:54.859+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-3] [68b9e07e18e2d53578899edab52eedda-ea5ed6b01f42e1c5] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:54:55.900+02:00 WARN 180100 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Spans were dropped due to exceptions. All subsequent errors will be logged at FINE level.
2025-09-04T20:54:55.900+02:00 WARN 180100 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Dropped 4 spans due to ConnectException()
java.net.ConnectException: null
at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:955) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133) ~[java.net.http:na]
at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.ZipkinHttpClientSender.postSpans(ZipkinHttpClientSender.java:60) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5]
at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:69) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5]
at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:41) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5]
at zipkin2.reporter.BaseHttpSender.send(BaseHttpSender.java:123) ~[zipkin-reporter-3.5.1.jar:na]
at zipkin2.reporter.internal.AsyncReporter$BoundedAsyncReporter.flush(AsyncReporter.java:266) ~[zipkin-reporter-3.5.1.jar:na]
at zipkin2.reporter.internal.AsyncReporter$Flusher.run(AsyncReporter.java:352) ~[zipkin-reporter-3.5.1.jar:na]
at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
Caused by: java.net.ConnectException: null
at java.net.http/jdk.internal.net.http.common.Utils.toConnectException(Utils.java:1066) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:227) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.checkRetryConnect(PlainHttpConnection.java:280) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$2(PlainHttpConnection.java:238) ~[java.net.http:na]
at java.base/java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:934) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture$UniHandle.tryFire(CompletableFuture.java:911) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[na:na]
... 1 common frames omitted
Caused by: java.nio.channels.ClosedChannelException: null
at java.base/sun.nio.ch.SocketChannelImpl.ensureOpen(SocketChannelImpl.java:202) ~[na:na]
at java.base/sun.nio.ch.SocketChannelImpl.beginConnect(SocketChannelImpl.java:786) ~[na:na]
at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:874) ~[na:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$1(PlainHttpConnection.java:210) ~[java.net.http:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:571) ~[na:na]
at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:212) ~[java.net.http:na]
... 9 common frames omitted
2025-09-04T20:54:55.957+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-4] [68b9e07fd3915fc050ac853ad7cb2509-50ac853ad7cb2509] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:54:55.958+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-4] [68b9e07fd3915fc050ac853ad7cb2509-e16aa32d5fdf3d31] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:54:55.967+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-4] [68b9e07fd3915fc050ac853ad7cb2509-d0ddfc80742273ed] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:39071/actuator/health?continue to session
2025-09-04T20:55:04.867+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-6] [68b9e08839274bcbc77904d7c8f2e483-c77904d7c8f2e483] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:55:04.868+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-6] [68b9e08839274bcbc77904d7c8f2e483-9bb9848c518a792d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:55:14.872+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-7] [68b9e092339fa29e2ac7441cf39d0cf9-2ac7441cf39d0cf9] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:55:14.874+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-7] [68b9e092339fa29e2ac7441cf39d0cf9-3d19a1baf3d5aa0d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:55:24.879+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-8] [68b9e09ce7a919dae371b9bcde99c81d-e371b9bcde99c81d] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:55:24.880+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-8] [68b9e09ce7a919dae371b9bcde99c81d-0ce6e2b8eba0d634] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:55:34.885+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-9] [68b9e0a6e050dbbeba1b138422eb0531-ba1b138422eb0531] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:55:34.886+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-9] [68b9e0a6e050dbbeba1b138422eb0531-f030d9e5a078237d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:55:44.891+02:00 DEBUG 180100 --- [auth-server] [-auto-1-exec-10] [68b9e0b0f185ce98140e1282ccfe8ede-140e1282ccfe8ede] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:55:44.892+02:00 DEBUG 180100 --- [auth-server] [-auto-1-exec-10] [68b9e0b0f185ce98140e1282ccfe8ede-8706afb37cdb9409] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:55:54.896+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e0ba032915da05cf4cf6adb72a28-05cf4cf6adb72a28] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:55:54.897+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e0ba032915da05cf4cf6adb72a28-1ba3f6466fde237e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-09-04T20:56:04.901+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e0c45d2812940176614389066961-0176614389066961] o.s.security.web.FilterChainProxy : Securing GET /actuator/health
2025-09-04T20:56:04.902+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e0c45d2812940176614389066961-0b60ba7403c1654e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
+163
@@ -0,0 +1,163 @@
# =============================================================================
# Meldestelle - Development Environment Configuration
# =============================================================================
# Development-specific environment variables
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=development
APP_HOST=0.0.0.0
# Development-specific settings
DEBUG_MODE=true
DEV_HOT_RELOAD=true
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=localhost
DB_PORT=5432
DB_NAME=meldestelle
DB_USER=meldestelle
DB_PASSWORD=meldestelle
DB_MAX_POOL_SIZE=10
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
POSTGRES_USER=meldestelle
POSTGRES_PASSWORD=meldestelle
POSTGRES_DB=meldestelle
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
REDIS_EVENT_STORE_READ_TIMEOUT=2000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=8
REDIS_EVENT_STORE_MIN_POOL_SIZE=2
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
JWT_ISSUER=meldestelle-api
JWT_AUDIENCE=meldestelle-clients
JWT_REALM=meldestelle
API_KEY=meldestelle-api-key-for-development
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=meldestelle
KC_DB_PASSWORD=meldestelle
KC_HOSTNAME=auth.meldestelle.local
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=admin
METRICS_AUTH_PASSWORD=metrics
GRAFANA_HOSTNAME=grafana.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=100
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=dev
GATEWAY_ADMIN_USER=admin
GATEWAY_ADMIN_PASSWORD=admin
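Review bot: `LOGGING_REQUEST_HEADERS=true` and `LOGGING_REQUEST_BODY=true` in section 10 will, if the services honour these switches, write `Authorization` headers, session cookies and login request bodies to the application log in clear text. That matters in this repository because the same commit deletes auth-server log files that had been tracked, so log output has already reached version control once. I would default both to `false` in the committed dev file and let a developer enable them locally, or at least add a comment above them such as `# Logs credentials and tokens in clear text; enable only for local debugging and never commit the resulting logs`.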
+58 -149
@@ -1,64 +1,65 @@
# =============================================================================
# Meldestelle - Production Environment Variables Template
# Meldestelle - Production Environment Configuration
# =============================================================================
# This file contains all necessary environment variables for running the
# Meldestelle application in a PRODUCTION environment.
#
# IMPORTANT SECURITY NOTES:
# - Copy this file to .env.prod and fill in actual production values
# - NEVER commit .env.prod to version control
# - Use strong, randomly generated passwords
# - Rotate secrets regularly
# - Store secrets securely (e.g., using secret management systems)
# Production-specific environment variables
# IMPORTANT: Change all CHANGE_ME values before deployment!
# =============================================================================
# =============================================================================
# APPLICATION CONFIGURATION
# 1. APPLICATION CONFIGURATION
# =============================================================================
# Server Configuration
API_HOST=0.0.0.0
API_PORT=8081
# Application Information
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
# Environment
APP_ENVIRONMENT=production
APP_HOST=0.0.0.0
# Production settings
DEBUG_MODE=false
DEV_HOT_RELOAD=false
# =============================================================================
# DATABASE CONFIGURATION (PostgreSQL)
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Database Connection
# Service Ports
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=postgres
DB_PORT=5432
DB_NAME=meldestelle_prod
DB_USER=meldestelle_prod
# CHANGE THIS: Use a strong, randomly generated password
DB_PASSWORD=CHANGE_ME_STRONG_DB_PASSWORD_HERE
# Connection Pool Settings
DB_MAX_POOL_SIZE=20
DB_MIN_POOL_SIZE=10
DB_AUTO_MIGRATE=false
# PostgreSQL Docker Service Configuration
POSTGRES_USER=meldestelle_prod
# CHANGE THIS: Use the same strong password as DB_PASSWORD
POSTGRES_PASSWORD=CHANGE_ME_STRONG_DB_PASSWORD_HERE
POSTGRES_DB=meldestelle_prod
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# REDIS CONFIGURATION
# 4. REDIS CONFIGURATION
# =============================================================================
# CHANGE THIS: Use a strong, randomly generated password
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
# Redis Event Store Configuration
REDIS_EVENT_STORE_HOST=redis
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
@@ -68,188 +69,96 @@ REDIS_EVENT_STORE_READ_TIMEOUT=5000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=20
REDIS_EVENT_STORE_MIN_POOL_SIZE=5
REDIS_EVENT_STORE_CONSUMER_GROUP=event-processors-prod
REDIS_EVENT_STORE_CONSUMER_NAME=event-consumer-prod
REDIS_EVENT_STORE_STREAM_PREFIX=event-stream:
REDIS_EVENT_STORE_ALL_EVENTS_STREAM=all-events
REDIS_EVENT_STORE_CLAIM_IDLE_TIMEOUT=PT5M
REDIS_EVENT_STORE_POLL_TIMEOUT=PT1S
REDIS_EVENT_STORE_MAX_BATCH_SIZE=50
REDIS_EVENT_STORE_CREATE_CONSUMER_GROUP_IF_NOT_EXISTS=true
# Redis Cache Configuration
REDIS_CACHE_HOST=redis
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
REDIS_CACHE_DATABASE=1
REDIS_CACHE_CONNECTION_TIMEOUT=5000
REDIS_CACHE_READ_TIMEOUT=5000
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
# =============================================================================
# SECURITY CONFIGURATION
# 5. SECURITY CONFIGURATION
# =============================================================================
# JWT Configuration
# CHANGE THIS: Use a strong, randomly generated secret (at least 256 bits)
JWT_SECRET=CHANGE_ME_STRONG_JWT_SECRET_AT_LEAST_256_BITS_HERE
JWT_ISSUER=meldestelle-api-prod
JWT_AUDIENCE=meldestelle-clients-prod
JWT_REALM=meldestelle-prod
# API Key for internal services
# CHANGE THIS: Use a strong, randomly generated API key
API_KEY=CHANGE_ME_STRONG_API_KEY_HERE
# =============================================================================
# KEYCLOAK CONFIGURATION
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
# Keycloak Admin Configuration
# CHANGE THIS: Use strong admin credentials
KEYCLOAK_ADMIN=CHANGE_ME_ADMIN_USERNAME
KEYCLOAK_ADMIN_PASSWORD=CHANGE_ME_STRONG_ADMIN_PASSWORD_HERE
# Keycloak Hostname (your production domain)
KC_HOSTNAME=auth.yourdomain.com
# Keycloak Database Configuration
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak_prod
KC_DB_USERNAME=keycloak_prod
# CHANGE THIS: Use a strong password for Keycloak DB user
KC_DB_PASSWORD=CHANGE_ME_STRONG_KEYCLOAK_DB_PASSWORD_HERE
KC_HOSTNAME=auth.yourdomain.com
# =============================================================================
# SERVICE DISCOVERY CONFIGURATION
# 7. SERVICE DISCOVERY
# =============================================================================
# Consul Configuration (if used)
CONSUL_HOST=consul
CONSUL_PORT=8500
# Service Discovery Settings
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=30
# =============================================================================
# MESSAGING CONFIGURATION (Kafka)
# 8. MESSAGING (Kafka)
# =============================================================================
# Zookeeper Configuration
ZOOKEEPER_CLIENT_PORT=2181
# Kafka Configuration
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# MONITORING CONFIGURATION
# 9. MONITORING
# =============================================================================
# Grafana Configuration
# CHANGE THIS: Use strong admin credentials
GF_SECURITY_ADMIN_USER=CHANGE_ME_GRAFANA_ADMIN_USERNAME
GF_SECURITY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GRAFANA_PASSWORD_HERE
GF_USERS_ALLOW_SIGN_UP=false
# Grafana Hostname (your production domain)
GRAFANA_HOSTNAME=monitoring.yourdomain.com
# Prometheus Hostname (your production domain)
PROMETHEUS_HOSTNAME=metrics.yourdomain.com
# Metrics Authentication
# CHANGE THIS: Use strong credentials for metrics endpoints
METRICS_AUTH_USERNAME=CHANGE_ME_METRICS_USERNAME
METRICS_AUTH_PASSWORD=CHANGE_ME_STRONG_METRICS_PASSWORD_HERE
# =============================================================================
# LOGGING CONFIGURATION
# =============================================================================
GRAFANA_HOSTNAME=monitoring.yourdomain.com
PROMETHEUS_HOSTNAME=metrics.yourdomain.com
# Logging Level (INFO or WARN for production)
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=INFO
# Request/Response Logging (disable sensitive data logging in production)
LOGGING_REQUESTS=false
LOGGING_RESPONSES=false
LOGGING_REQUEST_HEADERS=false
LOGGING_REQUEST_BODY=false
LOGGING_RESPONSE_HEADERS=false
LOGGING_RESPONSE_BODY=false
# Structured Logging
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# Log Sampling (enable for high-traffic production)
LOGGING_SAMPLING_ENABLED=true
LOGGING_SAMPLING_RATE=10
LOGGING_SAMPLING_HIGH_TRAFFIC_THRESHOLD=1000
# =============================================================================
# CORS CONFIGURATION
# 11. CORS AND RATE LIMITING
# =============================================================================
# CORS Settings (restrict to your production domains)
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
# =============================================================================
# RATE LIMITING CONFIGURATION
# =============================================================================
# Rate Limiting (more restrictive for production)
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=1000
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# PRODUCTION SPECIFIC SETTINGS
# =============================================================================
# Development Tools (disabled in production)
DEV_HOT_RELOAD=false
DEBUG_MODE=false
# =============================================================================
# SSL/TLS HOSTNAMES
# =============================================================================
# Configure these with your actual production domain names
# Main application hostname
APP_HOSTNAME=app.yourdomain.com
# API hostname
API_HOSTNAME=api.yourdomain.com
# =============================================================================
# BACKUP AND MAINTENANCE
# =============================================================================
# Database backup settings
DB_BACKUP_ENABLED=true
DB_BACKUP_SCHEDULE='0 2 * * *'
DB_BACKUP_RETENTION_DAYS=30
# Redis backup settings
REDIS_BACKUP_ENABLED=true
REDIS_BACKUP_SCHEDULE='0 3 * * *'
# =============================================================================
# SECURITY NOTES
# =============================================================================
# 1. Generate strong passwords using: openssl rand -base64 32
# 2. Generate JWT secrets using: openssl rand -base64 64
# 3. Use different passwords for each service
# 4. Store this file securely and never commit to version control
# 5. Rotate passwords regularly
# 6. Use a secret management system in production (e.g., HashiCorp Vault)
# 7. Enable audit logging for all services
# 8. Monitor for security events
# 9. Keep all services updated with security patches
# 10. Use network segmentation and firewalls
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=prod
GATEWAY_ADMIN_USER=CHANGE_ME_GATEWAY_ADMIN_USERNAME
GATEWAY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GATEWAY_ADMIN_PASSWORD_HERE
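Review bot: The production file loses its handling instructions in the first hunk: the lines telling the reader to copy the file to `.env.prod`, never commit it and keep secrets in a secret management system appear to be removed, as does the closing SECURITY NOTES block in the second hunk, while the title changes from "Template" to "Configuration". The +/- markers are not shown on this page, so the sides are inferred from the hunk headers and content, but as it now reads the tracked file looks like the place to fill in real values. I would keep a short header comment, for example `# Template only: copy to an untracked file before replacing CHANGE_ME values; never commit real secrets` and `# Generate values with: openssl rand -base64 32`. The auth-server log deleted in this commit shows the service starting with a default JWT secret and only printing a warning, so a placeholder left in place may not be caught at startup.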
+163
@@ -0,0 +1,163 @@
# =============================================================================
# Meldestelle - Staging Environment Configuration
# =============================================================================
# Staging-specific environment variables (production-like but for testing)
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=staging
APP_HOST=0.0.0.0
# Staging settings (production-like but with some debugging)
DEBUG_MODE=false
DEV_HOT_RELOAD=false
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=postgres
DB_PORT=5432
DB_NAME=meldestelle_staging
DB_USER=meldestelle_staging
DB_PASSWORD=staging_password_change_me
DB_MAX_POOL_SIZE=15
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
POSTGRES_USER=meldestelle_staging
POSTGRES_PASSWORD=staging_password_change_me
POSTGRES_DB=meldestelle_staging
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=redis
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=staging_redis_password
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=3000
REDIS_EVENT_STORE_READ_TIMEOUT=3000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=15
REDIS_EVENT_STORE_MIN_POOL_SIZE=3
REDIS_CACHE_HOST=redis
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=staging_redis_password
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=staging_redis_password
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=staging-jwt-secret-key-not-for-production-use
JWT_ISSUER=meldestelle-api-staging
JWT_AUDIENCE=meldestelle-clients-staging
JWT_REALM=meldestelle-staging
API_KEY=staging-api-key-change-me
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=staging_admin
KEYCLOAK_ADMIN_PASSWORD=staging_admin_password
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak_staging
KC_DB_USERNAME=keycloak_staging
KC_DB_PASSWORD=staging_keycloak_password
KC_HOSTNAME=auth-staging.meldestelle.local
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=15
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=staging_admin
GF_SECURITY_ADMIN_PASSWORD=staging_grafana_password
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=staging_metrics
METRICS_AUTH_PASSWORD=staging_metrics_password
GRAFANA_HOSTNAME=grafana-staging.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus-staging.meldestelle.local
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=INFO
LOGGING_REQUESTS=true
LOGGING_RESPONSES=false
LOGGING_REQUEST_HEADERS=false
LOGGING_REQUEST_BODY=false
LOGGING_RESPONSE_HEADERS=false
LOGGING_RESPONSE_BODY=false
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=https://staging.meldestelle.local,https://app-staging.meldestelle.local
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=500
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=staging
GATEWAY_ADMIN_USER=staging_gateway_admin
GATEWAY_ADMIN_PASSWORD=staging_gateway_password
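Review bot: The staging file commits fixed, guessable credentials in sections 3–6, 9 and 12 (`DB_PASSWORD=staging_password_change_me`, `JWT_SECRET=staging-jwt-secret-key-not-for-production-use`, `KEYCLOAK_ADMIN_PASSWORD=staging_admin_password`, `GATEWAY_ADMIN_PASSWORD=staging_gateway_password`), although its header describes the environment as production-like. If the file is deployed as committed, everyone with read access to the repository knows the token-signing secret and the admin logins of that environment. I would follow the placeholder convention the production file already uses (`GATEWAY_ADMIN_PASSWORD=CHANGE_ME_...`), e.g. `JWT_SECRET=CHANGE_ME_STAGING_JWT_SECRET` and `DB_PASSWORD=CHANGE_ME_STAGING_DB_PASSWORD`, and inject the real values at deploy time. The same concern applies to the `admin`/`admin` defaults in the template file that follows, since its header says it is meant to be copied to `.env.prod` and `.env.staging`.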
+178
@@ -0,0 +1,178 @@
# =============================================================================
# Meldestelle - Umgebungsvariablen Vorlage
# =============================================================================
# Dies ist die SINGLE SOURCE OF TRUTH für alle Umgebungsvariablen.
# Kopieren Sie zu .env.dev, .env.prod, .env.staging oder .env.test und anpassen.
#
# ⚠️ SICHERHEITSWARNUNG:
# - Niemals Produktions-Secrets in die Versionskontrolle committen
# - JWT_SECRET in der Produktion ändern
# - Starke Passwörter für Produktionsumgebungen verwenden
# - API-Schlüssel regelmäßig rotieren
# =============================================================================
# =============================================================================
# 1. ANWENDUNGSKONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=development
APP_HOST=0.0.0.0
# Entwicklungsspezifische Einstellungen
DEBUG_MODE=true
DEV_HOT_RELOAD=true
# =============================================================================
# 2. PORT-VERWALTUNG - SINGLE SOURCE OF TRUTH
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports (eindeutige Zuteilung)
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastruktur Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATENBANK-KONFIGURATION (PostgreSQL)
# =============================================================================
# Anwendungs-Datenbankeinstellungen
DB_HOST=localhost
DB_PORT=5432
DB_NAME=meldestelle
DB_USER=meldestelle
DB_PASSWORD=meldestelle
DB_MAX_POOL_SIZE=10
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
# Docker PostgreSQL Container-Einstellungen
POSTGRES_USER=meldestelle
POSTGRES_PASSWORD=meldestelle
POSTGRES_DB=meldestelle
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS-KONFIGURATION
# =============================================================================
# Event Store Konfiguration
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
REDIS_EVENT_STORE_READ_TIMEOUT=2000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=8
REDIS_EVENT_STORE_MIN_POOL_SIZE=2
# Cache-Konfiguration
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
# Redis Docker-Einstellungen
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=
# =============================================================================
# 5. SICHERHEITSKONFIGURATION
# =============================================================================
JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
JWT_ISSUER=meldestelle-api
JWT_AUDIENCE=meldestelle-clients
JWT_REALM=meldestelle
API_KEY=meldestelle-api-key-for-development
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=meldestelle
KC_DB_PASSWORD=meldestelle
KC_HOSTNAME=auth.meldestelle.local
# =============================================================================
# 7. SERVICE DISCOVERY (Consul)
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
# Grafana Configuration
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
GF_USERS_ALLOW_SIGN_UP=false
# Metrics Authentication
METRICS_AUTH_USERNAME=admin
METRICS_AUTH_PASSWORD=metrics
# Monitoring hostnames
GRAFANA_HOSTNAME=grafana.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=100
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=dev
GATEWAY_ADMIN_USER=admin
GATEWAY_ADMIN_PASSWORD=admin
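Review bot: Section 10 of the template sets `LOGGING_REQUEST_HEADERS=true`, `LOGGING_REQUEST_BODY=true` and `LOGGING_RESPONSE_BODY=true`, and section 11 sets `SERVER_CORS_ALLOWED_ORIGINS=*`, with nothing marking these as development-only even though the header says to copy the file to `.env.prod` and `.env.staging` too. With header and body logging left on, Authorization headers and login payloads would presumably be written to the logs of any environment that keeps the defaults. I would add a comment above both groups, `# DEV ONLY: set to false / list explicit origins before copying to staging or prod`, or make the template default to the restrictive values and let the dev file opt in.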
+163
@@ -0,0 +1,163 @@
# =============================================================================
# Meldestelle - Test Environment Configuration
# =============================================================================
# Test-specific environment variables (optimized for automated testing)
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=test
APP_HOST=localhost
# Test settings (fast and minimal for CI/CD)
DEBUG_MODE=true
DEV_HOT_RELOAD=false
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports (use different ports to avoid conflicts during parallel testing)
GATEWAY_PORT=9081
GATEWAY_ADMIN_PORT=9080
# Service Ports
PING_SERVICE_PORT=9082
MEMBERS_SERVICE_PORT=9083
HORSES_SERVICE_PORT=9084
EVENTS_SERVICE_PORT=9085
MASTERDATA_SERVICE_PORT=9086
AUTH_SERVICE_PORT=9087
# Infrastructure Ports
CONSUL_PORT=9500
REDIS_PORT=9379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=9000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=localhost
DB_PORT=5433
DB_NAME=meldestelle_test
DB_USER=meldestelle_test
DB_PASSWORD=test_password
DB_MAX_POOL_SIZE=5
DB_MIN_POOL_SIZE=1
DB_AUTO_MIGRATE=true
POSTGRES_USER=meldestelle_test
POSTGRES_PASSWORD=test_password
POSTGRES_DB=meldestelle_test
POSTGRES_EXTERNAL_PORT=5433
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=9379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=1000
REDIS_EVENT_STORE_READ_TIMEOUT=1000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=3
REDIS_EVENT_STORE_MIN_POOL_SIZE=1
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=9379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=9379
REDIS_PASSWORD=
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=test-jwt-secret-key-for-testing-only
JWT_ISSUER=meldestelle-api-test
JWT_AUDIENCE=meldestelle-clients-test
JWT_REALM=meldestelle-test
API_KEY=test-api-key
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=test_admin
KEYCLOAK_ADMIN_PASSWORD=test_password
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://localhost:5433/keycloak_test
KC_DB_USERNAME=keycloak_test
KC_DB_PASSWORD=test_password
KC_HOSTNAME=localhost
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=localhost
CONSUL_ENABLED=false
SERVICE_DISCOVERY_ENABLED=false
SERVICE_DISCOVERY_REGISTER_SERVICES=false
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=5
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2182
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=localhost:2182
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=test_admin
GF_SECURITY_ADMIN_PASSWORD=test_password
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=test_metrics
METRICS_AUTH_PASSWORD=test_password
GRAFANA_HOSTNAME=localhost
PROMETHEUS_HOSTNAME=localhost
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=false
RATELIMIT_GLOBAL_LIMIT=10000
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=test
GATEWAY_ADMIN_USER=test_admin
GATEWAY_ADMIN_PASSWORD=test_password
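Review bot: `KAFKA_PORT=9092` and `PROMETHEUS_PORT=9090` in section 2 are the same values the staging and template files use, so the comment about using different ports to avoid conflicts during parallel testing does not hold for these two; `KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092` in section 8 carries the same port. The remaining infrastructure ports are not a uniform offset either (`GRAFANA_PORT=9000`, `REDIS_PORT=9379`, `CONSUL_PORT=9500`), while the README added in this commit states "+1000" for the test environment. I would move both to free ports, e.g. `KAFKA_PORT=10092` and `PROMETHEUS_PORT=10090`, update the advertised listener to match, and add a one-line comment documenting the test port map.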
+185
@@ -0,0 +1,185 @@
# Meldestelle - Zentrale Konfigurationsverwaltung
## Übersicht
Dieses Verzeichnis enthält die **SINGLE SOURCE OF TRUTH** für alle Umgebungsvariablen und Konfigurationsdateien im Meldestelle-Projekt. Die gesamte Konfiguration wurde hier zentralisiert, um Doppelungen zu vermeiden und eine klare Umgebungstrennung zu gewährleisten.
## Struktur
```
config/
├── .env.template # Vorlage mit allen verfügbaren Variablen
├── .env.dev # Entwicklungsumgebung
├── .env.prod # Produktionsumgebung
├── .env.staging # Staging-Umgebung
├── .env.test # Testumgebung
├── application.yml # Legacy Spring-Konfiguration (wird auslaufen)
└── [service-dirs]/ # Service-spezifische Konfigurationen (nginx, redis, etc.)
```
## Umgebungsdateien
### `.env.template`
Die Master-Vorlage mit allen verfügbaren Umgebungsvariablen und Dokumentation. Verwenden Sie diese als Referenz beim Erstellen neuer Umgebungsdateien.
### `.env.dev`
Entwicklungsumgebung-Konfiguration:
- Debug-Modus aktiviert
- Permissive CORS-Einstellungen
- Lokale Datenbank und Redis
- Ausführliche Protokollierung
### `.env.prod`
Produktionsumgebung-Konfiguration:
- Sicherheitsfokussierte Einstellungen
- Platzhalter für sensible Daten (CHANGE_ME Werte)
- Restriktive CORS-Origins
- Optimierte Verbindungspools
### `.env.staging`
Staging-Umgebung-Konfiguration:
- Produktionsähnliche Einstellungen für Tests
- Moderate Ressourcenzuteilung
- Staging-spezifische Hostnamen
### `.env.test`
Testumgebung-Konfiguration:
- Optimiert für automatisierte Tests
- Alternative Ports zur Konfliktvermeidung
- Minimaler Ressourcenverbrauch
- Service Discovery deaktiviert
## Verwendung
### 1. Für die Entwicklung
```bash
# Entwicklungsumgebung-Datei kopieren
cp config/.env.dev .env
# Oder einen Symlink erstellen
ln -sf config/.env.dev .env
```
### 2. Für die Produktion
```bash
# Produktions-Vorlage kopieren und anpassen
cp config/.env.prod .env.prod
# Alle CHANGE_ME Werte mit sicheren Zugangsdaten bearbeiten
vim .env.prod
# Produktions-Datei verwenden
ln -sf .env.prod .env
```
### 3. Für Tests
```bash
# Testumgebung verwenden
ln -sf config/.env.test .env
```
## Struktur der Umgebungsvariablen
Die Konfiguration ist in 12 logische Abschnitte unterteilt:
1. **Anwendungskonfiguration** - Grundlegende App-Einstellungen
2. **Port-Verwaltung** - Alle Service-Ports an einem Ort
3. **Datenbank-Konfiguration** - PostgreSQL-Einstellungen
4. **Redis-Konfiguration** - Cache und Event Store
5. **Sicherheitskonfiguration** - JWT, API-Schlüssel
6. **Keycloak-Konfiguration** - Authentifizierungsserver
7. **Service Discovery** - Consul-Einstellungen
8. **Messaging** - Kafka-Konfiguration
9. **Überwachung** - Grafana, Prometheus
10. **Protokollierungskonfiguration** - Log-Level und Formate
11. **CORS und Rate Limiting** - Web-Sicherheit
12. **Spring Profile und Gateway** - Framework-Einstellungen
## Sicherheitsrichtlinien
### Entwicklung
- Standard-Passwörter für lokale Entwicklung verwenden
- Debug-Modus aktiviert lassen
- Permissive CORS-Einstellungen verwenden
### Produktion
- **NIEMALS** Produktions-`.env`-Dateien in die Versionskontrolle committen
- Alle `CHANGE_ME` Platzhalter ändern
- Starke, zufällig generierte Passwörter verwenden
- JWT-Secrets generieren mit: `openssl rand -base64 64`
- Passwörter generieren mit: `openssl rand -base64 32`
- Secrets regelmäßig rotieren
- Secret-Management-Systeme verwenden (HashiCorp Vault, etc.)
## Migration von der alten Struktur
Die alten Konfigurationsdateien wurden konsolidiert:
### Entfernte Dateien
- `/project-root/.env``config/.env.dev`
- `/project-root/.env.template``config/.env.template`
- `/project-root/.env.prod.example``config/.env.prod`
- `config/application*.properties` - Entfernt und durch .env-Dateien ersetzt
### Legacy-Dateien (werden auslaufen)
- `config/application.yml` - Wird durch .env-Dateien ersetzt
## Referenz der Umgebungsvariablen
### Wichtige Variablen nach Umgebung
| Variable | Dev | Staging | Prod | Test |
|----------|-----|---------|------|------|
| `DEBUG_MODE` | true | false | false | true |
| `LOGGING_LEVEL` | DEBUG | INFO | INFO | DEBUG |
| `CORS_ALLOWED_ORIGINS` | * | staging domains | prod domains | * |
| `DB_AUTO_MIGRATE` | true | true | false | true |
| `CONSUL_ENABLED` | true | true | true | false |
### Port-Zuteilung
| Service | Port |
|---------|------|
| Gateway | 8081 |
| Gateway Admin | 8080 |
| Ping Service | 8082 |
| Members Service | 8083 |
| Horses Service | 8084 |
| Events Service | 8085 |
| Masterdata Service | 8086 |
| Auth Service | 8087 |
**Testumgebung:** Alle Ports +1000 (z.B. Gateway: 9081)
## Best Practices
1. **Immer die Vorlage verwenden** als Ausgangspunkt für neue Umgebungen
2. **Benutzerdefinierte Variablen dokumentieren** in Kommentaren
3. **Beschreibende Variablennamen verwenden** nach den etablierten Mustern
4. **Verwandte Variablen gruppieren** in logischen Abschnitten
5. **Konfiguration validieren** vor der Bereitstellung
6. **Konfigurationsabweichungen überwachen** zwischen Umgebungen
## Fehlerbehebung
### Häufige Probleme
1. **Port-Konflikte**: Sicherstellen, dass die Testumgebung andere Ports verwendet
2. **Fehlende Variablen**: Gegen `.env.template` prüfen
3. **Zugriff verweigert**: Dateiberechtigungen für `.env`-Dateien überprüfen
4. **Datenbankverbindung fehlgeschlagen**: DB-Zugangsdaten und Hostname prüfen
### Validierungsskript
```bash
# TODO: Validierungsskript erstellen
./scripts/validate-config.sh config/.env.prod
```
## Zukünftige Verbesserungen
- [ ] Konfigurationsvalidierungsskripte
- [ ] Automatische Secret-Generierung
- [ ] Umgebungsspezifische docker-compose-Dateien
- [ ] Erkennung von Konfigurationsabweichungen
- [ ] Integration von Secret-Management
-13
@@ -1,13 +0,0 @@
# Entwicklungsumgebung spezifische Konfiguration
# Server-Einstellungen
server.port=8080
# Datenbank-Einstellungen
database.host=localhost
database.port=5432
# Logging-Einstellungen
logging.level=DEBUG
logging.requests=true
logging.responses=true
-16
@@ -1,16 +0,0 @@
# Produktionsumgebung spezifische Konfiguration
# Server-Einstellungen
server.port=8080
server.workers=4
server.cors.allowedOrigins=https://meldestelle.at,https://app.meldestelle.at
# Datenbank-Einstellungen
database.host=db
database.port=5432
database.maxPoolSize=20
# Logging-Einstellungen
logging.level=INFO
logging.requests=true
logging.responses=false
-16
@@ -1,16 +0,0 @@
# Staging-Umgebung spezifische Konfiguration
# Server-Einstellungen
server.port=8080
server.workers=2
server.cors.allowedOrigins=https://staging.meldestelle.at
# Datenbank-Einstellungen
database.host=db
database.port=5432
database.name=meldestelle_staging_db
# Logging-Einstellungen
logging.level=INFO
logging.requests=true
logging.responses=false
-14
@@ -1,14 +0,0 @@
# Testumgebung spezifische Konfiguration
# Server-Einstellungen
server.port=8082
# Datenbank-Einstellungen
database.host=localhost
database.port=5432
database.name=meldestelle_test_db
# Logging-Einstellungen
logging.level=DEBUG
logging.requests=true
logging.responses=true
-32
@@ -1,32 +0,0 @@
# Allgemeine Anwendungseinstellungen
app.name=Meldestelle
app.version=1.0.0
app.description=Pferdesport Meldestelle System
# Server-Einstellungen
server.port=8080
server.host=0.0.0.0
server.workers=4
server.cors.enabled=true
server.cors.allowedOrigins=*
# Datenbank-Einstellungen
database.host=localhost
database.port=5432
database.name=meldestelle_db
database.username=meldestelle_user
database.password=secure_password_change_me
database.maxPoolSize=10
database.autoMigrate=true
# Sicherheits-Einstellungen
security.jwt.secret=default-jwt-secret-key-please-change-in-production
security.jwt.issuer=meldestelle-api
security.jwt.audience=meldestelle-clients
security.jwt.realm=meldestelle
security.jwt.expirationInMinutes=1440
# Logging-Einstellungen
logging.level=INFO
logging.requests=true
logging.responses=false
-220
@@ -1,220 +0,0 @@
# SSL/TLS Certificate Setup for Production
This directory contains SSL/TLS certificates and keys for securing the Meldestelle application in production.
## Directory Structure
```
config/ssl/
├── postgres/ # PostgreSQL SSL certificates
├── redis/ # Redis TLS certificates
├── keycloak/ # Keycloak HTTPS certificates
├── prometheus/ # Prometheus HTTPS certificates
├── grafana/ # Grafana HTTPS certificates
├── nginx/ # Nginx SSL certificates
└── README.md # This file
```
## Certificate Requirements
### 1. PostgreSQL SSL Certificates
Place the following files in `config/ssl/postgres/`:
- `server.crt` - Server certificate
- `server.key` - Server private key
- `ca.crt` - Certificate Authority certificate
### 2. Redis TLS Certificates
Place the following files in `config/ssl/redis/`:
- `redis.crt` - Redis server certificate
- `redis.key` - Redis server private key
- `ca.crt` - Certificate Authority certificate
- `redis.dh` - Diffie-Hellman parameters
### 3. Keycloak HTTPS Certificates
Place the following files in `config/ssl/keycloak/`:
- `server.crt.pem` - Server certificate in PEM format
- `server.key.pem` - Server private key in PEM format
### 4. Prometheus HTTPS Certificates
Place the following files in `config/ssl/prometheus/`:
- `prometheus.crt` - Prometheus server certificate
- `prometheus.key` - Prometheus server private key
- `web.yml` - Prometheus web configuration file
### 5. Grafana HTTPS Certificates
Place the following files in `config/ssl/grafana/`:
- `server.crt` - Grafana server certificate
- `server.key` - Grafana server private key
### 6. Nginx SSL Certificates
Place the following files in `config/ssl/nginx/`:
- `server.crt` - Main SSL certificate
- `server.key` - Main SSL private key
- `dhparam.pem` - Diffie-Hellman parameters
## Generating Self-Signed Certificates (Development/Testing)
⚠️ **Warning**: Only use self-signed certificates for development and testing. Use proper CA-signed certificates in production.
### Generate CA Certificate
```bash
# Create CA private key
openssl genrsa -out ca.key 4096
# Create CA certificate
openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
-subj "/C=AT/ST=Vienna/L=Vienna/O=Meldestelle/OU=IT/CN=Meldestelle-CA"
```
### Generate Server Certificates
```bash
# For each service, generate private key and certificate signing request
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr \
-subj "/C=AT/ST=Vienna/L=Vienna/O=Meldestelle/OU=IT/CN=your-domain.com"
# Sign the certificate with CA
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out server.crt
# Clean up
rm server.csr
```
### Generate Diffie-Hellman Parameters
```bash
openssl dhparam -out dhparam.pem 2048
```
## Production Certificate Setup
### Option 1: Let's Encrypt (Recommended)
Use Certbot to obtain free SSL certificates:
```bash
# Install certbot
sudo apt-get install certbot
# Obtain certificates
sudo certbot certonly --standalone -d your-domain.com -d www.your-domain.com
# Copy certificates to appropriate directories
sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem config/ssl/nginx/server.crt
sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem config/ssl/nginx/server.key
```
### Option 2: Commercial CA
1. Generate Certificate Signing Requests (CSRs)
2. Submit CSRs to your Certificate Authority
3. Download signed certificates
4. Place certificates in appropriate directories
### Option 3: Internal CA
If using an internal Certificate Authority:
1. Generate CSRs for each service
2. Sign certificates with your internal CA
3. Distribute CA certificate to all clients
## File Permissions
Ensure proper file permissions for security:
```bash
# Set restrictive permissions on private keys
chmod 600 config/ssl/*/server.key
chmod 600 config/ssl/*/redis.key
chmod 600 config/ssl/*/prometheus.key
# Set readable permissions on certificates
chmod 644 config/ssl/*/server.crt
chmod 644 config/ssl/*/ca.crt
# Set directory permissions
chmod 755 config/ssl/*/
```
## Docker Volume Mounts
The certificates are mounted as read-only volumes in the Docker containers:
```yaml
volumes:
- ./config/ssl/nginx:/etc/ssl/nginx:ro
- ./config/ssl/keycloak:/opt/keycloak/conf:ro
# ... other mounts
```
## Certificate Renewal
### Automated Renewal (Let's Encrypt)
Set up a cron job for automatic renewal:
```bash
# Add to crontab
0 12 * * * /usr/bin/certbot renew --quiet --post-hook "docker-compose -f docker-compose.prod.yml restart nginx"
```
### Manual Renewal
1. Generate new certificates
2. Replace old certificates in SSL directories
3. Restart affected services:
```bash
docker-compose -f docker-compose.prod.yml restart nginx keycloak grafana prometheus
```
## Security Best Practices
1. **Use Strong Encryption**: Use at least 2048-bit RSA keys or 256-bit ECDSA keys
2. **Regular Rotation**: Rotate certificates regularly (annually or bi-annually)
3. **Secure Storage**: Store private keys securely and limit access
4. **Monitor Expiration**: Set up monitoring for certificate expiration
5. **Use HSTS**: Enable HTTP Strict Transport Security
6. **Perfect Forward Secrecy**: Use ECDHE cipher suites
7. **Certificate Transparency**: Monitor CT logs for unauthorized certificates
## Troubleshooting
### Common Issues
1. **Permission Denied**
```bash
# Fix file permissions
sudo chown -R $USER:$USER config/ssl/
chmod -R 755 config/ssl/
chmod 600 config/ssl/*/server.key
```
2. **Certificate Verification Failed**
```bash
# Verify certificate
openssl x509 -in config/ssl/nginx/server.crt -text -noout
# Check certificate chain
openssl verify -CAfile config/ssl/nginx/ca.crt config/ssl/nginx/server.crt
```
3. **TLS Handshake Errors**
- Check certificate validity dates
- Verify certificate matches hostname
- Ensure proper cipher suite configuration
### Testing SSL Configuration
```bash
# Test SSL certificate
openssl s_client -connect your-domain.com:443 -servername your-domain.com
# Test with specific protocol
openssl s_client -connect your-domain.com:443 -tls1_2
# Check certificate expiration
openssl x509 -in config/ssl/nginx/server.crt -noout -dates
```
## Support
For certificate-related issues:
1. Check service logs: `docker-compose -f docker-compose.prod.yml logs [service-name]`
2. Verify certificate files exist and have correct permissions
3. Test SSL configuration with OpenSSL tools
4. Consult service-specific SSL documentation
-61
@@ -1,61 +0,0 @@
# Docker-Compose Fehler Behebung
## Problem
Die docker-compose Befehle schlugen fehl mit dem Fehler:
```
ERROR: .FileNotFoundError: [Errno 2] No such file or directory: './docker-compose.yml'
```
## Ursache
Die Befehle wurden aus dem falschen Verzeichnis ausgeführt:
- **Falsch**: `/home/stefan-mo/WsMeldestelle/Meldestelle/.junie/guidelines/`
- **Richtig**: `/home/stefan-mo/WsMeldestelle/Meldestelle/` (Projekt-Root)
## Lösung
Alle docker-compose Befehle müssen aus dem Projekt-Root-Verzeichnis ausgeführt werden:
```bash
# Zuerst zum richtigen Verzeichnis wechseln
cd /home/stefan-mo/WsMeldestelle/Meldestelle
# Dann die Befehle ausführen:
# 1. Alle Services einschließlich Clients
docker-compose \
-f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.clients.yml \
up -d
# 2. Nur Infrastructure für Backend-Entwicklung
docker-compose -f docker-compose.yml up -d postgres redis kafka consul zipkin
# 3. Mit Debug-Unterstützung für Service-Entwicklung
DEBUG=true SPRING_PROFILES_ACTIVE=docker \
docker-compose -f docker-compose.yml -f docker-compose.services.yml up -d
# 4. Mit Live-Reload für Frontend-Entwicklung
docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
```
## Verifikation
Die folgenden Dateien existieren im Projekt-Root:
-`docker-compose.yml` (Infrastructure Services)
-`docker-compose.services.yml` (Application Services)
-`docker-compose.clients.yml` (Client Applications)
-`docker-compose.override.yml` (Development Overrides)
## Zusätzliche Befehle
```bash
# Services stoppen
docker-compose down
# Services mit Volumes entfernen
docker-compose down -v
# Logs anzeigen
docker-compose logs -f [service-name]
# Status prüfen
docker-compose ps
```
-148
@@ -1,148 +0,0 @@
# Docker-Compose Fehler Behebung - Vollständige Lösung
## Problemübersicht
Die folgenden Fehler wurden beim Ausführen der docker-compose Befehle identifiziert und behoben:
1. **Network-Konfigurationsfehler**: `meldestelle-network declared as external, but could not be found`
2. **ContainerConfig KeyError**: Fehler beim Inspizieren bestehender Container
3. **API Gateway Service-Fehler**: `Service api-gateway has neither an image nor a build context specified`
4. **Deploy Resource Warnings**: Unsupported `reservations.cpus` sub-keys
## 🔧 Angewendete Lösungen
### 1. Network-Konfiguration korrigiert ✓
**Problem**: Inkonsistente Network-Definitionen zwischen compose-Dateien
- `docker-compose.yml`: `driver: bridge`
- `docker-compose.services.yml` und `docker-compose.clients.yml`: `external: true`
**Lösung**:
- Entfernung von `external: true` aus allen compose-Dateien
- Einheitliche Verwendung von `driver: bridge`
### 2. ContainerConfig KeyError behoben ✓
**Problem**: Korrupte Container-Metadaten von vorherigen Runs
**Lösung**:
- Bereinigung aller bestehenden Container
- Befehl: `docker rm $(docker ps -a -q --filter "name=meldestelle")`
### 3. API Gateway Service-Konfiguration ✓
**Problem**: `docker-compose.override.yml` referenziert Services, die nicht in der Basis-Konfiguration definiert sind
**Lösung**:
- Korrekte Verwendung der compose-Datei-Kombinationen
- `docker-compose.override.yml` nur zusammen mit `docker-compose.services.yml` verwenden
### 4. Deploy Resource Warnings eliminiert ✓
**Problem**: Docker Compose 1.29.2 unterstützt keine `reservations` unter `deploy.resources`
**Lösung**:
- Entfernung aller `reservations` Sektionen aus `docker-compose.services.yml`
- Beibehaltung der `limits` Konfigurationen
## ✅ Korrekte Docker-Compose Befehle
### Vorbereitung (einmalig nach Fehlern)
```bash
# Zum richtigen Verzeichnis wechseln
cd /home/stefan-mo/WsMeldestelle/Meldestelle
# Bestehende Container bereinigen (falls ContainerConfig Fehler auftreten)
docker rm $(docker ps -a -q --filter "name=meldestelle") 2>/dev/null || true
# Verwaiste Images bereinigen (optional)
docker image prune -f
```
### 1. Alle Services einschließlich Clients
```bash
docker-compose \
-f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.clients.yml \
up -d
```
### 2. Nur Infrastructure für Backend-Entwicklung
```bash
docker-compose -f docker-compose.yml up -d postgres redis kafka consul zipkin
```
### 3. Mit Debug-Unterstützung für Service-Entwicklung
```bash
DEBUG=true SPRING_PROFILES_ACTIVE=docker \
docker-compose -f docker-compose.yml -f docker-compose.services.yml up -d
```
### 4. Mit Live-Reload für Frontend-Entwicklung
```bash
# WICHTIG: Nur verwenden wenn docker-compose.services.yml ebenfalls geladen wird
docker-compose \
-f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.override.yml \
up -d
```
## 🚨 Wichtige Hinweise
### Override-Datei Verwendung
- `docker-compose.override.yml` darf **NICHT** allein mit `docker-compose.yml` verwendet werden
- Grund: Override definiert nur Konfigurationsüberschreibungen, keine vollständigen Services
- **Richtig**: `-f docker-compose.yml -f docker-compose.services.yml -f docker-compose.override.yml`
- **Falsch**: `-f docker-compose.yml -f docker-compose.override.yml`
### Network-Konsistenz
- Alle compose-Dateien verwenden jetzt `driver: bridge` für `meldestelle-network`
- Keine `external: true` Deklarationen mehr vorhanden
- Network wird automatisch von Docker Compose erstellt
### Resource-Limits
- Nur `limits` werden verwendet (memory, cpus)
- `reservations` wurden entfernt (nicht unterstützt in Docker Compose 1.29.2)
- Services starten ohne Warnings
## 🔍 Fehlerbehebung
### Bei "ContainerConfig" Fehlern:
```bash
docker rm $(docker ps -a -q --filter "name=meldestelle") 2>/dev/null || true
docker-compose down --volumes --remove-orphans 2>/dev/null || true
```
### Bei Network-Fehlern:
```bash
docker network ls | grep meldestelle
docker network rm meldestelle-network 2>/dev/null || true
```
### Bei Build-Fehlern:
```bash
docker-compose build --no-cache --pull
```
## 🧪 Verifikation
### Status prüfen:
```bash
docker-compose ps
docker network ls | grep meldestelle
```
### Logs überwachen:
```bash
docker-compose logs -f [service-name]
```
### Services stoppen:
```bash
docker-compose down
# Mit Volumes entfernen:
docker-compose down -v
```
## ✅ Zusammenfassung
- ✅ Network-Konfiguration vereinheitlicht
- ✅ ContainerConfig-Fehler durch Container-Cleanup behoben
- ✅ API Gateway Service-Konfiguration korrigiert
- ✅ Deploy Resource Warnings eliminiert
- ✅ Korrekte Verwendung der compose-Datei-Kombinationen dokumentiert
Alle ursprünglichen Fehler wurden behoben. Die docker-compose Befehle sollten nun ohne Fehler oder Warnings ausgeführt werden können.
+136
@@ -0,0 +1,136 @@
# ===================================================================
# Docker Compose - Client Applications
# Meldestelle Project - Frontend Components
# ===================================================================
# Usage:
# Mit Services: docker-compose -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml up -d
# Nur Frontend: docker-compose -f docker-compose.yml -f docker-compose.clients.yml up -d
# ===================================================================
services:
# ===================================================================
# Web Application (Kotlin Multiplatform)
# ===================================================================
web-app:
build:
context: .
dockerfile: dockerfiles/clients/web-app/Dockerfile
args:
CLIENT_PATH: client/common-ui
CLIENT_MODULE: web-app
CLIENT_NAME: meldestelle-web-app
container_name: meldestelle-web-app
environment:
NODE_ENV: ${NODE_ENV:-production}
API_BASE_URL: http://api-gateway:${GATEWAY_PORT:-8081}
WS_URL: ws://api-gateway:${GATEWAY_PORT:-8081}/ws
APP_TITLE: ${APP_NAME:-Meldestelle}
APP_VERSION: ${APP_VERSION:-1.0.0}
# Development specific
WEBPACK_DEV_SERVER_HOST: 0.0.0.0
WEBPACK_DEV_SERVER_PORT: 3000
ports:
- "3000:3000"
depends_on:
- api-gateway
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.web-app.rule=Host(`localhost`) && PathPrefix(`/`)"
- "traefik.http.services.web-app.loadbalancer.server.port=3000"
# ===================================================================
# Auth Server (Custom Keycloak Extension)
# ===================================================================
auth-server:
build:
context: .
dockerfile: dockerfiles/infrastructure/auth-server/Dockerfile
container_name: meldestelle-auth-server
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: ${AUTH_SERVICE_PORT:-8087}
KEYCLOAK_SERVER_URL: http://keycloak:8080
KEYCLOAK_REALM: meldestelle
KEYCLOAK_CLIENT_ID: meldestelle-auth-service
KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET:-auth-service-secret}
DB_HOST: postgres
DB_PORT: 5432
DB_NAME: ${POSTGRES_DB:-meldestelle}
DB_USER: ${POSTGRES_USER:-meldestelle}
DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle}
JWT_SECRET: ${JWT_SECRET:-meldestelle-jwt-secret-key-for-development-change-in-production}
JWT_ISSUER: ${JWT_ISSUER:-meldestelle-api}
JWT_AUDIENCE: ${JWT_AUDIENCE:-meldestelle-clients}
ports:
- "${AUTH_SERVICE_PORT:-8087}:${AUTH_SERVICE_PORT:-8087}"
depends_on:
keycloak:
condition: service_healthy
postgres:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:${AUTH_SERVICE_PORT:-8087}/actuator/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Monitoring Server (Custom Grafana Extensions)
# ===================================================================
monitoring-server:
build:
context: .
dockerfile: dockerfiles/infrastructure/monitoring-server/Dockerfile
container_name: meldestelle-monitoring-server
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: 8088
GRAFANA_URL: http://grafana:3000
PROMETHEUS_URL: http://prometheus:9090
GRAFANA_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:-admin}
GRAFANA_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-admin}
METRICS_AUTH_USERNAME: ${METRICS_AUTH_USERNAME:-admin}
METRICS_AUTH_PASSWORD: ${METRICS_AUTH_PASSWORD:-metrics}
ports:
- "8088:8088"
depends_on:
- api-gateway
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:8088/actuator/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 45s
restart: unless-stopped
volumes:
- monitoring-data:/app/data
- ./docker/monitoring:/app/config:ro
# ===================================================================
# Volumes für Client-spezifische Daten
# ===================================================================
volumes:
monitoring-data:
driver: local
# ===================================================================
# Networks (external reference to main network)
# ===================================================================
networks:
meldestelle-network:
external: true
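Review bot: The `auth-server` service falls back to a value that is public in the repository when `JWT_SECRET` is unset, `JWT_SECRET: ${JWT_SECRET:-meldestelle-jwt-secret-key-for-development-change-in-production}`, so a deployment that forgets the variable starts cleanly with a signing key that no longer proves anything about a token's origin. The same fallback pattern is used for `KEYCLOAK_CLIENT_SECRET`, `DB_PASSWORD`, `GRAFANA_ADMIN_PASSWORD` and `METRICS_AUTH_PASSWORD` in this file. Compose's required-variable form makes the stack fail fast instead, `JWT_SECRET: ${JWT_SECRET:?JWT_SECRET must be set}`, with the development values kept in an untracked `.env`. Separately, `external: true` on `meldestelle-network` is the setting that the troubleshooting document deleted in this same commit names as the cause of "declared as external, but could not be found"; please confirm the base file creates a network with exactly that name.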
+232
@@ -0,0 +1,232 @@
# ===================================================================
# Docker Compose - Microservices
# Meldestelle Project - Application Services
# ===================================================================
# Usage:
# Vollständiges System: docker-compose -f docker-compose.yml -f docker-compose.services.yml up -d
# ===================================================================
services:
# ===================================================================
# Ping Service (Health Check & Test Service)
# ===================================================================
ping-service:
build:
context: .
dockerfile: dockerfiles/services/ping-service/Dockerfile
container_name: meldestelle-ping-service
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: ${PING_SERVICE_PORT:-8082}
CONSUL_HOST: consul
CONSUL_PORT: ${CONSUL_PORT:-8500}
CONSUL_ENABLED: ${CONSUL_ENABLED:-true}
DB_HOST: postgres
DB_PORT: 5432
DB_NAME: ${POSTGRES_DB:-meldestelle}
DB_USER: ${POSTGRES_USER:-meldestelle}
DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle}
REDIS_EVENT_STORE_HOST: redis
REDIS_EVENT_STORE_PORT: 6379
REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-}
ports:
- "${PING_SERVICE_PORT:-8082}:${PING_SERVICE_PORT:-8082}"
depends_on:
consul:
condition: service_healthy
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:${PING_SERVICE_PORT:-8082}/actuator/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Members Service
# ===================================================================
members-service:
build:
context: .
dockerfile: dockerfiles/services/members-service/Dockerfile
container_name: meldestelle-members-service
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: ${MEMBERS_SERVICE_PORT:-8083}
CONSUL_HOST: consul
CONSUL_PORT: ${CONSUL_PORT:-8500}
CONSUL_ENABLED: ${CONSUL_ENABLED:-true}
DB_HOST: postgres
DB_PORT: 5432
DB_NAME: ${POSTGRES_DB:-meldestelle}
DB_USER: ${POSTGRES_USER:-meldestelle}
DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle}
REDIS_EVENT_STORE_HOST: redis
REDIS_EVENT_STORE_PORT: 6379
REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-}
KAFKA_BOOTSTRAP_SERVERS: kafka:29092
ports:
- "${MEMBERS_SERVICE_PORT:-8083}:${MEMBERS_SERVICE_PORT:-8083}"
depends_on:
consul:
condition: service_healthy
postgres:
condition: service_healthy
redis:
condition: service_healthy
api-gateway:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:${MEMBERS_SERVICE_PORT:-8083}/actuator/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Horses Service
# ===================================================================
horses-service:
build:
context: .
dockerfile: dockerfiles/services/horses-service/Dockerfile
container_name: meldestelle-horses-service
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: ${HORSES_SERVICE_PORT:-8084}
CONSUL_HOST: consul
CONSUL_PORT: ${CONSUL_PORT:-8500}
CONSUL_ENABLED: ${CONSUL_ENABLED:-true}
DB_HOST: postgres
DB_PORT: 5432
DB_NAME: ${POSTGRES_DB:-meldestelle}
DB_USER: ${POSTGRES_USER:-meldestelle}
DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle}
REDIS_EVENT_STORE_HOST: redis
REDIS_EVENT_STORE_PORT: 6379
REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-}
KAFKA_BOOTSTRAP_SERVERS: kafka:29092
ports:
- "${HORSES_SERVICE_PORT:-8084}:${HORSES_SERVICE_PORT:-8084}"
depends_on:
consul:
condition: service_healthy
postgres:
condition: service_healthy
redis:
condition: service_healthy
api-gateway:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:${HORSES_SERVICE_PORT:-8084}/actuator/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Events Service
# ===================================================================
events-service:
build:
context: .
dockerfile: dockerfiles/services/events-service/Dockerfile
container_name: meldestelle-events-service
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: ${EVENTS_SERVICE_PORT:-8085}
CONSUL_HOST: consul
CONSUL_PORT: ${CONSUL_PORT:-8500}
CONSUL_ENABLED: ${CONSUL_ENABLED:-true}
DB_HOST: postgres
DB_PORT: 5432
DB_NAME: ${POSTGRES_DB:-meldestelle}
DB_USER: ${POSTGRES_USER:-meldestelle}
DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle}
REDIS_EVENT_STORE_HOST: redis
REDIS_EVENT_STORE_PORT: 6379
REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-}
KAFKA_BOOTSTRAP_SERVERS: kafka:29092
ports:
- "${EVENTS_SERVICE_PORT:-8085}:${EVENTS_SERVICE_PORT:-8085}"
depends_on:
consul:
condition: service_healthy
postgres:
condition: service_healthy
redis:
condition: service_healthy
api-gateway:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:${EVENTS_SERVICE_PORT:-8085}/actuator/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Masterdata Service
# ===================================================================
masterdata-service:
build:
context: .
dockerfile: dockerfiles/services/masterdata-service/Dockerfile
container_name: meldestelle-masterdata-service
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
SERVER_PORT: ${MASTERDATA_SERVICE_PORT:-8086}
CONSUL_HOST: consul
CONSUL_PORT: ${CONSUL_PORT:-8500}
CONSUL_ENABLED: ${CONSUL_ENABLED:-true}
DB_HOST: postgres
DB_PORT: 5432
DB_NAME: ${POSTGRES_DB:-meldestelle}
DB_USER: ${POSTGRES_USER:-meldestelle}
DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle}
REDIS_EVENT_STORE_HOST: redis
REDIS_EVENT_STORE_PORT: 6379
REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-}
KAFKA_BOOTSTRAP_SERVERS: kafka:29092
ports:
- "${MASTERDATA_SERVICE_PORT:-8086}:${MASTERDATA_SERVICE_PORT:-8086}"
depends_on:
consul:
condition: service_healthy
postgres:
condition: service_healthy
redis:
condition: service_healthy
api-gateway:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:${MASTERDATA_SERVICE_PORT:-8086}/actuator/health"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Networks (external reference to main network)
# ===================================================================
networks:
meldestelle-network:
external: true
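Review bot: Every backend service publishes its port on the host, for example `- "${MEMBERS_SERVICE_PORT:-8083}:${MEMBERS_SERVICE_PORT:-8083}"`, and a short-form mapping without a host address binds to all interfaces. That makes ping, members, horses, events and masterdata reachable without passing through `api-gateway`, so whatever authentication and rate limiting the gateway applies is presumably not enforced for direct callers. The services already reach each other over `meldestelle-network`, so the mapping can be dropped, or bound to loopback for local debugging: `- "127.0.0.1:${MEMBERS_SERVICE_PORT:-8083}:${MEMBERS_SERVICE_PORT:-8083}"`. `REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-}` also defaults to an empty password in all five services, which deserves at least a comment marking it as development-only.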
+103
@@ -103,6 +103,105 @@ services:
start_period: 15s
restart: unless-stopped
# ===================================================================
# Messaging (Kafka & Zookeeper)
# ===================================================================
zookeeper:
image: confluentinc/cp-zookeeper:7.4.0
container_name: meldestelle-zookeeper
environment:
ZOOKEEPER_CLIENT_PORT: ${ZOOKEEPER_CLIENT_PORT:-2181}
ZOOKEEPER_TICK_TIME: 2000
ports:
- "${ZOOKEEPER_CLIENT_PORT:-2181}:2181"
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "bash", "-c", "echo 'ruok' | nc localhost 2181"]
interval: 10s
timeout: 5s
retries: 3
start_period: 15s
restart: unless-stopped
kafka:
image: confluentinc/cp-kafka:7.4.0
container_name: meldestelle-kafka
environment:
KAFKA_BROKER_ID: ${KAFKA_BROKER_ID:-1}
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:${KAFKA_PORT:-9092}
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: ${KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:-1}
ports:
- "${KAFKA_PORT:-9092}:9092"
depends_on:
zookeeper:
condition: service_healthy
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "kafka-broker-api-versions", "--bootstrap-server", "localhost:9092"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# Monitoring (Prometheus & Grafana)
# ===================================================================
prometheus:
image: prom/prometheus:v2.47.0
container_name: meldestelle-prometheus
ports:
- "${PROMETHEUS_PORT:-9090}:9090"
volumes:
- prometheus-data:/prometheus
- ./docker/monitoring/prometheus:/etc/prometheus:ro
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--storage.tsdb.retention.time=200h'
- '--web.enable-lifecycle'
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9090/-/healthy"]
interval: 10s
timeout: 5s
retries: 3
start_period: 20s
restart: unless-stopped
grafana:
image: grafana/grafana:10.1.0
container_name: meldestelle-grafana
environment:
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:-admin}
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-admin}
GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
GF_INSTALL_PLUGINS: grafana-piechart-panel
ports:
- "${GRAFANA_PORT:-3000}:3000"
volumes:
- grafana-data:/var/lib/grafana
- ./docker/monitoring/grafana:/etc/grafana/provisioning:ro
depends_on:
- prometheus
networks:
- meldestelle-network
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:3000/api/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
restart: unless-stopped
# ===================================================================
# API Gateway
# ===================================================================
@@ -145,6 +244,10 @@ volumes:
driver: local
redis-data:
driver: local
prometheus-data:
driver: local
grafana-data:
driver: local
# ===================================================================
# Networks
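Review bot: `--web.enable-lifecycle` on the `prometheus` service turns on the HTTP reload and shutdown endpoints, and the same service publishes `${PROMETHEUS_PORT:-9090}:9090` with no authentication configured in the hunk, so the lifecycle endpoints are open to anything that can reach the host port. Either drop the flag or bind the port to loopback, `- "127.0.0.1:${PROMETHEUS_PORT:-9090}:9090"`. Grafana has a similar exposure with `GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-admin}` behind a published port, and both Kafka listeners are mapped to `PLAINTEXT`. If this file is meant for development only, a header comment saying so would keep it from being reused for production as is.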
-46
@@ -1,46 +0,0 @@
# Ping Service 503 Error Fix Verification
## Problem Analysis
- **Issue**: GET http://localhost:8081/api/ping returns 503 SERVICE_UNAVAILABLE
- **Root Cause**: Gateway has Consul service discovery disabled (CONSUL_ENABLED:false) but uses load balancing route (lb://ping-service)
- **Evidence**:
- Gateway config line 23-26: `enabled: ${CONSUL_ENABLED:false}`
- Ping service is registered with Consul (register: true)
- Consul container is running and healthy
- Health endpoint shows ping-service is registered in Consul
## Solution Applied
**File**: `/home/stefan/WsMeldestelle/Meldestelle/infrastructure/gateway/src/main/resources/application.yml`
**Change**: Lines 23-26
```yaml
# BEFORE (causing 503 error)
enabled: ${CONSUL_ENABLED:false}
discovery:
enabled: ${CONSUL_ENABLED:false}
register: ${CONSUL_ENABLED:false}
# AFTER (fixes 503 error)
enabled: ${CONSUL_ENABLED:true}
discovery:
enabled: ${CONSUL_ENABLED:true}
register: ${CONSUL_ENABLED:true}
```
## Why This Fixes the Issue
1. **Service Discovery**: Gateway can now discover services registered in Consul
2. **Load Balancing**: `lb://ping-service` route can now resolve to actual service instances
3. **Health Checks**: Gateway can perform health checks on discovered services
4. **Automatic Routing**: Requests to `/api/ping/**` will be routed to the ping service at localhost:8082
## Expected Result
- GET http://localhost:8081/api/ping → 200 OK (routed to ping service)
- Gateway will discover ping-service from Consul registry
- Circuit breaker and retry mechanisms will work properly
- Service load balancing will function as designed
## Configuration Consistency
- **Gateway**: Consul discovery enabled ✓
- **Ping Service**: Consul registration enabled ✓
- **Consul**: Running and accessible on localhost:8500 ✓
- **Network**: All services can communicate ✓
-177
@@ -1,177 +0,0 @@
# Gradle Dependency Resolution Fix für Docker Build
## Problemanalyse
Der Docker Build für den api-gateway Service schlug fehl mit folgendem Fehler:
```
> No matching variant of project :infrastructure:auth:auth-client was found. The consumer was configured to find a library for use during runtime, compatible with Java 21, packaged as a jar, preferably optimized for standard JVMs, and its dependencies declared externally, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'jvm' but:
- No variants exist.
```
Das gleiche Problem trat auch bei `:infrastructure:monitoring:monitoring-client` auf.
## Grundursache
Die Bibliotheksmodule `auth-client` und `monitoring-client` waren nicht korrekt als Gradle-Bibliotheken konfiguriert und exponierten keine konsumierbare Varianten (API/Runtime) für abhängige Projekte wie das `api-gateway`.
## Angewendete Lösungen
### 1. Auth-Client Modul konfiguriert ✅
**Datei**: `/infrastructure/auth/auth-client/build.gradle.kts`
**Vorher**:
```kotlin
plugins {
alias(libs.plugins.kotlin.jvm)
alias(libs.plugins.kotlin.spring)
alias(libs.plugins.kotlin.serialization)
alias(libs.plugins.spring.boot) // ❌ Falsch für Bibliotheksmodul
alias(libs.plugins.spring.dependencyManagement)
}
// Manuelle JAR-Konfiguration erforderlich
tasks.getByName<org.springframework.boot.gradle.tasks.bundling.BootJar>("bootJar") {
enabled = false
}
tasks.getByName<Jar>("jar") {
enabled = true
}
```
**Nachher**:
```kotlin
plugins {
`java-library` // ✅ Erzeugt automatisch API/Runtime Varianten
alias(libs.plugins.kotlin.jvm)
alias(libs.plugins.kotlin.spring)
alias(libs.plugins.kotlin.serialization)
// Spring Boot Plugin entfernt ✅
alias(libs.plugins.spring.dependencyManagement)
}
// JAR-Konfiguration automatisch durch java-library Plugin ✅
```
### 2. Monitoring-Client Modul konfiguriert ✅
**Datei**: `/infrastructure/monitoring/monitoring-client/build.gradle.kts`
**Vorher**:
```kotlin
plugins {
alias(libs.plugins.kotlin.jvm)
alias(libs.plugins.kotlin.spring)
alias(libs.plugins.spring.dependencyManagement)
// Kein java-library Plugin ❌
}
```
**Nachher**:
```kotlin
plugins {
`java-library` // ✅ Hinzugefügt für Varianten-Exposition
alias(libs.plugins.kotlin.jvm)
alias(libs.plugins.kotlin.spring)
alias(libs.plugins.spring.dependencyManagement)
}
```
### 3. Gradle Projekt-Struktur vervollständigt ✅
Erstellt fehlende parent `build.gradle` Dateien für korrekte Multi-Modul-Struktur:
- `/infrastructure/build.gradle`
- `/infrastructure/auth/build.gradle`
- `/infrastructure/monitoring/build.gradle`
Diese Dateien sind minimal und dienen als Container für Subprojekte:
```gradle
// Infrastructure Module Container
// This is a container module for infrastructure-related subprojects
```
## Technische Details
### Was das `java-library` Plugin bewirkt:
- **Automatische Varianten-Erstellung**: Erstellt `apiElements` und `runtimeElements` Konfigurationen
- **Konsumierbare Artefakte**: Andere Projekte können diese Module als Abhängigkeiten verwenden
- **Transitive Abhängigkeiten**: Korrekte Behandlung von API vs. Implementation Dependencies
- **JAR-Erstellung**: Automatisches Erstellen von Standard-JAR-Dateien (nicht executable)
### Warum Spring Boot Plugin entfernt wurde:
- Spring Boot Plugin ist für **ausführbare Anwendungen** gedacht, nicht für Bibliotheken
- Erzeugt `bootJar` statt Standard-JAR, was für Bibliotheken ungeeignet ist
- Verhindert die Erstellung konsumierbarer Gradle-Varianten
### Multi-Modul-Struktur:
```
infrastructure/
├── build.gradle # Container
├── auth/
│ ├── build.gradle # Container
│ └── auth-client/
│ └── build.gradle.kts # Bibliothek mit java-library
└── monitoring/
├── build.gradle # Container
└── monitoring-client/
└── build.gradle.kts # Bibliothek mit java-library
```
## Verifikation
### Gradle-Konfiguration prüfen:
```bash
# Projekt-Struktur anzeigen
./gradlew projects
# Abhängigkeiten anzeigen
./gradlew :infrastructure:gateway:dependencies
# Varianten prüfen
./gradlew :infrastructure:auth:auth-client:outgoingVariants
./gradlew :infrastructure:monitoring:monitoring-client:outgoingVariants
```
### Docker Build testen:
```bash
# Sauberer Build ohne Cache
docker-compose -f docker-compose.yml -f docker-compose.services.yml build --no-cache api-gateway
# Vollständiger Stack
docker-compose \
-f docker-compose.yml \
-f docker-compose.services.yml \
-f docker-compose.clients.yml \
up -d --build
```
## Erwartetes Ergebnis
Nach Anwendung dieser Konfigurationen sollten:
1.`auth-client` und `monitoring-client` korrekte Gradle-Varianten exponieren
2.`api-gateway` diese Module erfolgreich als Abhängigkeiten auflösen können
3. ✅ Docker Build ohne "No variants exist" Fehler durchlaufen
4. ✅ Alle Services korrekt starten und funktionieren
## Zusätzliche Hinweise
- **BOM-Management**: Die zentrale Versionierung über `platform-bom` bleibt unverändert
- **Dependency Management**: Spring Dependency Management Plugin sorgt für konsistente Versionen
- **Kotlin Multiplatform**: Core-Module verwenden weiterhin Kotlin Multiplatform Plugin
- **Testing**: Platform-Testing Bundle stellt einheitliche Test-Dependencies bereit
## Rollback (falls nötig)
Um die Änderungen rückgängig zu machen:
```bash
git checkout HEAD -- infrastructure/auth/auth-client/build.gradle.kts
git checkout HEAD -- infrastructure/monitoring/monitoring-client/build.gradle.kts
rm infrastructure/build.gradle
rm infrastructure/auth/build.gradle
rm infrastructure/monitoring/build.gradle
```
## Status: ✅ IMPLEMENTIERT
Alle Konfigurationsänderungen wurden angewendet und sind bereit für Testing.
@@ -134,7 +134,7 @@ class EnhancedLoggingFilter : GlobalFilter, Ordered {
class RateLimitingFilter : GlobalFilter, Ordered {
private val requestCounts = ConcurrentHashMap<String, RequestCounter>()
private val logger = org.slf4j.LoggerFactory.getLogger(RateLimitingFilter::class.java)
private val logger = LoggerFactory.getLogger(RateLimitingFilter::class.java)
// Timestamp der letzten Bereinigung
@Volatile
@@ -169,7 +169,7 @@ class RateLimitingFilter : GlobalFilter, Ordered {
val clientIp = getClientIp(request)
val path = request.path.value()
// Periodische Bereinigung des Caches zur Vermeidung von Memory Leaks
// Periodische Bereinigung des Caches zur Vermeidung von memory Leaks
performPeriodicCleanup()
val limit = determineRateLimit(request, path)
@@ -219,17 +219,17 @@ class RateLimitingFilter : GlobalFilter, Ordered {
private fun isAdminUser(request: ServerHttpRequest): Boolean {
// Sichere Rollenvalidierung basierend auf JWT-Authentifizierung
// Die X-User-Role wird vom JwtAuthenticationFilter nach erfolgreicher JWT-Validierung gesetzt
// die X-User-Role wird vom JwtAuthenticationFilter nach erfolgreicher JWT-Validierung gesetzt
val userRole = request.headers.getFirst("X-User-Role")
val userId = request.headers.getFirst("X-User-ID")
// Zusätzliche Sicherheitsprüfung: Beide Header müssen vorhanden sein
// Zusätzliche Sicherheitsprüfung: Beide Header müssen vorhanden sein.
// Dies reduziert die Wahrscheinlichkeit von Header-Spoofing
return userRole == "ADMIN" && userId != null
}
/**
* Bereinigt alte Einträge aus dem requestCounts Cache zur Vermeidung von Memory Leaks.
* Bereinigt alte Einträge aus dem requestCounts Cache zur Vermeidung von memory Leaks.
* Wird nur alle CLEANUP_INTERVAL_MS ausgeführt für bessere Performance.
*/
private fun performPeriodicCleanup() {
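Review bot: In `isAdminUser` the reworded comment still claims that requiring both `X-User-Role` and `X-User-ID` reduces header spoofing, but a request that carries one forged header can carry both, so `userRole == "ADMIN" && userId != null` adds no protection by itself. The check is sound only if the gateway discards any client-supplied `X-User-Role` and `X-User-ID` before `JwtAuthenticationFilter` writes them, and if this filter is ordered after that one; neither is visible in the hunk. Please confirm both and replace the comment with the actual guarantee, e.g. `// Trusted only because JwtAuthenticationFilter strips and re-sets X-User-* before this filter runs`. Without that guarantee the admin rate limit would presumably also apply to unauthenticated requests. The callers of `isAdminUser` and the filter ordering lie outside the hunk.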
@@ -94,11 +94,13 @@ class GatewayMetricsConfig {
/**
* Bean für Request Counter - ermöglicht Request-Volumen Tracking.
* Hinweis: Dieser Counter wird nur als Fallback registriert.
* Die tatsächlichen Requests werden mit dynamischen Tags im WebFilter erfasst.
*/
@Bean
fun requestCounter(meterRegistry: MeterRegistry): Counter {
return Counter.builder(GATEWAY_REQUESTS_COUNTER)
.description("Gesamtanzahl der Gateway-Requests")
return Counter.builder("${GATEWAY_REQUESTS_COUNTER}_fallback")
.description("Gateway-Requests Fallback Counter")
.register(meterRegistry)
}
@@ -250,6 +250,13 @@ management:
enabled: true
java:
enabled: true
# Tracing-Konfiguration - Zipkin deaktiviert da kein Service verfügbar
tracing:
sampling:
probability: 0.0 # Deaktiviert Tracing komplett
zipkin:
tracing:
endpoint: "" # Leer um Zipkin zu deaktivieren
# Erweiterte Logging-Konfiguration
logging:
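Review bot: The added comment says tracing is switched off completely, but `probability: 0.0` only stops spans from being sampled, and an empty `endpoint: ""` is not a documented off switch as far as I know; depending on the Spring Boot version the Zipkin exporter may still be wired up with an invalid URL. If the version in use supports it, `management.tracing.enabled: false` states the intent directly. Making the value overridable, for instance `probability: ${TRACING_SAMPLING_PROBABILITY:0.0}` (variable name is a suggestion), would also let tracing be turned back on for incident analysis without rebuilding the image.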
+19 -54
@@ -7,79 +7,44 @@
# configured for the Meldestelle application.
# =============================================================================
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Counters
ERRORS=0
WARNINGS=0
CHECKS=0
echo -e "${BLUE}==============================================================================${NC}"
echo -e "${BLUE}Meldestelle - Environment Variables Validation${NC}"
echo -e "${BLUE}==============================================================================${NC}"
echo
# Function to print status
print_status() {
local status=$1
local message=$2
case $status in
"OK")
echo -e "${GREEN}${NC} $message"
;;
"WARNING")
echo -e "${YELLOW}${NC} $message"
((WARNINGS++))
;;
"ERROR")
echo -e "${RED}${NC} $message"
((ERRORS++))
;;
"INFO")
echo -e "${BLUE}${NC} $message"
;;
esac
((CHECKS++))
# Load common utilities
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=../utils/common.sh
source "$SCRIPT_DIR/../utils/common.sh" || {
echo "Error: Could not load common utilities from $SCRIPT_DIR/../utils/common.sh"
exit 1
}
log_section "Meldestelle - Environment Variables Validation"
# Check if .env file exists
echo -e "${BLUE}1. Checking .env file...${NC}"
log_info "1. Checking .env file..."
if [ -f ".env" ]; then
print_status "OK" ".env file exists"
log_success ".env file exists"
# Load .env file
set -a
source .env
set +a
print_status "OK" ".env file loaded successfully"
log_success ".env file loaded successfully"
else
print_status "ERROR" ".env file not found"
echo -e "${RED}Please create a .env file based on the documentation.${NC}"
log_error ".env file not found"
log_error "Please create a .env file based on the documentation."
exit 1
fi
echo
# Check if docker-compose.yml exists
echo -e "${BLUE}2. Checking docker-compose.yml file...${NC}"
log_info "2. Checking docker-compose.yml file..."
if [ -f "docker-compose.yml" ]; then
print_status "OK" "docker-compose.yml file exists"
else
print_status "ERROR" "docker-compose.yml file not found"
log_error "docker-compose.yml file not found"
exit 1
fi
echo
# Define required environment variables
echo -e "${BLUE}3. Checking required environment variables...${NC}"
log_info "3. Checking required environment variables..."
# Application Configuration
check_var() {
@@ -89,11 +54,11 @@ check_var() {
local description=$3
if [ -n "$var_value" ]; then
print_status "OK" "$var_name is set: '$var_value'"
log_success "$var_name is set: '$var_value'"
elif [ "$is_required" = true ]; then
print_status "ERROR" "$var_name is required but not set ($description)"
log_error "$var_name is required but not set ($description)"
else
print_status "WARNING" "$var_name is not set ($description)"
log_warning "$var_name is not set ($description)"
fi
}
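Review bot: `check_var` in the second hunk still prints the value of every variable it finds (`log_success "$var_name is set: '$var_value'"`), so running this validator writes whatever secrets `.env` holds into the terminal or CI log. Reporting presence only, `log_success "$var_name is set"`, keeps the check useful without the disclosure. If values are wanted for non-sensitive settings, gate them on the name with a `case "$var_name" in *SECRET*|*PASSWORD*|*TOKEN*|*KEY*)` arm that masks the value. Separately, the docker-compose.yml branch in the first hunk appears to keep `print_status "OK" "docker-compose.yml file exists"` although this commit removes `print_status`. Unless utils/common.sh defines it, that branch fails with command-not-found, and `log_success "docker-compose.yml file exists"` would match the other call sites. `check_var` begins outside the visible hunk lines.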
-355
@@ -1,355 +0,0 @@
# Ping Service - Circuit Breaker Demo
## ⚠️ Wichtiger Hinweis
Dieses Modul (`:temp:ping-service`) ist ein **temporärer Service** ausschließlich für Testzwecke. Seine Aufgabe ist die Validierung der technischen Infrastruktur im Rahmen des **"Tracer Bullet"-Szenarios** und die Demonstration von **Circuit Breaker Patterns**.
Nachdem der End-to-End-Test erfolgreich war, sollte dieses Modul in der `settings.gradle.kts` wieder deaktiviert oder vollständig entfernt werden.
## 📋 Inhaltsverzeichnis
- [Überblick](#überblick)
- [Architektur & Features](#architektur--features)
- [API Endpoints](#api-endpoints)
- [Konfiguration](#konfiguration)
- [Lokale Entwicklung](#lokale-entwicklung)
- [Docker Deployment](#docker-deployment)
- [Testing](#testing)
- [Monitoring & Health Checks](#monitoring--health-checks)
- [Troubleshooting](#troubleshooting)
## 🎯 Überblick
Der `ping-service` ist ein Spring Boot Microservice, der die grundlegende Service-Architektur und moderne Resilience Patterns demonstriert:
- **Circuit Breaker Pattern** mit Resilience4j
- **Service Discovery** mit Spring Cloud Consul
- **Health Checks** und **Monitoring** mit Spring Boot Actuator
- **Containerisierte Deployment** mit optimiertem Docker Setup
- **Comprehensive Testing** mit Integration- und Unit-Tests
## 🏗️ Architektur & Features
### Technology Stack
- **Spring Boot 3.2.5** - Modern Java/Kotlin web framework
- **Kotlin** - Primary programming language
- **Resilience4j** - Circuit breaker and fault tolerance
- **Spring Cloud Consul** - Service discovery and configuration
- **Micrometer + Prometheus** - Metrics collection
- **Docker** - Containerization with multi-stage builds
### Circuit Breaker Configuration
Der Service verwendet Resilience4j Circuit Breaker mit folgenden Einstellungen:
- **Failure Rate Threshold**: 60% (Circuit öffnet bei 60% Fehlern)
- **Minimum Calls**: 4 (Mindestanzahl Calls für Berechnung)
- **Wait Duration**: 5s (Wartezeit im OPEN Status)
- **Half-Open Calls**: 3 (Anzahl Calls im HALF_OPEN Status)
## 🚀 API Endpoints
### 1. Standard Ping Endpoint
```http
GET /ping
```
**Beschreibung**: Einfacher Ping ohne Circuit Breaker
**Response**:
```json
{
"status": "pong"
}
```
### 2. Enhanced Ping mit Circuit Breaker
```http
GET /ping/enhanced?simulate=false
```
**Beschreibung**: Ping mit Circuit Breaker Schutz
**Query Parameter**:
- `simulate` (optional): `true` für Failure-Simulation
**Success Response**:
```json
{
"status": "pong",
"timestamp": "2025-08-14 12:26:30",
"service": "ping-service",
"circuitBreaker": "CLOSED"
}
```
**Fallback Response** (Circuit Breaker OPEN):
```json
{
"status": "fallback",
"message": "Service temporarily unavailable",
"timestamp": "2025-08-14 12:26:30",
"service": "ping-service-fallback",
"circuitBreaker": "OPEN",
"error": "Simulated service failure"
}
```
### 3. Health Check Endpoint
```http
GET /ping/health
```
**Beschreibung**: Health Check mit Circuit Breaker Status
**Response**:
```json
{
"status": "UP",
"timestamp": "2025-08-14 12:26:30",
"circuitBreaker": "CLOSED"
}
```
### 4. Test Failure Endpoint
```http
GET /ping/test-failure
```
**Beschreibung**: Endpoint zum Testen der Circuit Breaker Funktionalität (60% Failure Rate)
## ⚙️ Konfiguration
### Application Configuration (`application.yml`)
```yaml
spring:
application:
name: ping-service
cloud:
consul:
host: localhost
port: 8500
discovery:
register: true
health-check-path: /actuator/health
health-check-interval: 10s
server:
port: 8082
management:
endpoints:
web:
exposure:
include: health,info,circuitbreakers
endpoint:
health:
show-details: always
resilience4j:
circuitbreaker:
instances:
pingCircuitBreaker:
failure-rate-threshold: 60
minimum-number-of-calls: 4
wait-duration-in-open-state: 5s
permitted-number-of-calls-in-half-open-state: 3
```
### Environment Variables
- `SPRING_PROFILES_ACTIVE`: Aktives Spring Profil (default: `default`)
- `DEBUG`: Enable Debug-Modus (`true`/`false`, Debug Port: 5005)
- `SERVER_PORT`: Server Port (default: `8082`)
## 💻 Lokale Entwicklung
### Prerequisites
- Java 21+
- Docker (optional)
- Consul (für Service Discovery)
### Service starten
```bash
# Standard Start
./gradlew :temp:ping-service:bootRun
# Mit spezifischem Profil
./gradlew :temp:ping-service:bootRun -Pspring.profiles.active=dev
# Build JAR
./gradlew :temp:ping-service:bootJar
```
### Service testen
```bash
# Standard Ping
curl http://localhost:8082/ping
# Enhanced Ping
curl http://localhost:8082/ping/enhanced
# Health Check
curl http://localhost:8082/ping/health
# Circuit Breaker mit Simulation
curl "http://localhost:8082/ping/enhanced?simulate=true"
# Failure Test
curl http://localhost:8082/ping/test-failure
```
## 🐳 Docker Deployment
### Build Docker Image
```bash
# Von der Projekt-Root ausführen
docker build -t ping-service:latest -f temp/ping-service/Dockerfile .
```
### Run Container
```bash
# Standard Mode
docker run -p 8082:8082 ping-service:latest
# Debug Mode
docker run -p 8082:8082 -p 5005:5005 -e DEBUG=true ping-service:latest
# Mit Environment Variables
docker run -p 8082:8082 \
-e SPRING_PROFILES_ACTIVE=prod \
-e LOGGING_LEVEL_ROOT=WARN \
ping-service:latest
```
### Docker Features
- **Multi-stage Build** für optimale Image-Größe
- **Non-root User** für bessere Sicherheit
- **Health Checks** integriert
- **JVM Optimierungen** für Container-Umgebung
- **Debug Support** über Environment Variables
## 🧪 Testing
### Unit Tests ausführen
```bash
./gradlew :temp:ping-service:test
```
### Integration Tests
```bash
./gradlew :temp:ping-service:integrationTest
```
### Test Coverage
Der Service enthält umfassende Tests für:
- **Controller Tests**: API Endpoint Validierung
- **Circuit Breaker Tests**: Resilience4j Integration
- **Integration Tests**: End-to-End Scenarios
- **Health Check Tests**: Actuator Endpoint Validation
### Test Klassen
- `PingControllerTest`: Controller Unit Tests
- `PingControllerIntegrationTest`: Full Spring Context Tests
- `PingServiceCircuitBreakerTest`: Circuit Breaker Logic Tests
## 📊 Monitoring & Health Checks
### Actuator Endpoints
- **Health**: `GET /actuator/health`
- **Health Readiness**: `GET /actuator/health/readiness`
- **Health Liveness**: `GET /actuator/health/liveness`
- **Info**: `GET /actuator/info`
- **Circuit Breakers**: `GET /actuator/circuitbreakers`
- **Metrics**: `GET /actuator/metrics`
- **Prometheus**: `GET /actuator/prometheus`
### Circuit Breaker Monitoring
```bash
# Circuit Breaker Status
curl http://localhost:8082/actuator/circuitbreakers
# Metrics
curl http://localhost:8082/actuator/metrics/resilience4j.circuitbreaker.calls
# Prometheus Format
curl http://localhost:8082/actuator/prometheus | grep circuit
```
### Service Discovery
Bei aktiviertem Consul wird der Service automatisch registriert:
- **Service Name**: `ping-service`
- **Health Check**: `/actuator/health`
- **Check Interval**: 10 Sekunden
## 🔧 Troubleshooting
### Häufige Probleme
#### 1. Service startet nicht (Port bereits belegt)
```bash
# Port prüfen
netstat -tlnp | grep 8082
# Alternativen Port verwenden
SERVER_PORT=8083 ./gradlew :temp:ping-service:bootRun
```
#### 2. Circuit Breaker öffnet nicht
- Mindestens 4 Calls erforderlich (siehe `minimum-number-of-calls`)
- 60% Failure Rate erforderlich
- Verwende `/ping/test-failure` für Tests
#### 3. Consul Connection Failed
```bash
# Consul Status prüfen
consul agent -dev
# Oder Service ohne Consul starten
spring.cloud.consul.discovery.enabled=false
```
#### 4. Docker Build Fails
```bash
# Build Context prüfen - muss von Projekt-Root ausgeführt werden
docker build -t ping-service:test -f temp/ping-service/Dockerfile .
# Nicht von temp/ping-service/ ausführen!
```
### Debug Mode
```bash
# Debug Mode aktivieren
DEBUG=true ./gradlew :temp:ping-service:bootRun
# Debug Port: 5005
```
### Logs
```bash
# Alle Logs
docker logs <container-id>
# Circuit Breaker Logs
docker logs <container-id> 2>&1 | grep -i circuit
# Health Check Logs
docker logs <container-id> 2>&1 | grep -i health
```
## 📝 Entwicklungsnotizen
### Warum Circuit Breaker?
Der Circuit Breaker Pattern verhindert:
- **Cascade Failures**: Verhindert Ausfall-Kaskaden
- **Resource Exhaustion**: Schont Ressourcen bei Service-Problemen
- **Fast Failure**: Schnelle Fehlerrückmeldung statt lange Timeouts
### Fallback Strategy
Bei OPEN Circuit Breaker:
- Sofortige Fallback-Response (keine Latenz)
- Informative Fehlermeldungen
- Status-Informationen für Debugging
### Production Readiness
- Health Checks für Kubernetes/Docker
- Prometheus Metriken für Monitoring
- Non-root Container für Sicherheit
- Optimierte JVM Settings für Container
---
**Letzte Aktualisierung**: 2025-08-14
**Version**: 1.0.0
**Maintainer**: Meldestelle Development Team
-163
@@ -1,163 +0,0 @@
#!/bin/bash
# Test script to validate the kotlin-multiplatform-web.Dockerfile template
# - Robust pre-checks (Docker, buildx, file existence)
# - Safer bash settings, clear diagnostics
# - Uses ephemeral ports for container run test (avoids conflicts)
# - Cleans up containers/images even on failure
set -Eeuo pipefail
DOCKERFILE_PATH="dockerfiles/templates/kotlin-multiplatform-web.Dockerfile"
SCRIPT_NAME="$(basename "$0")"
# Unique suffix to avoid tag/container collisions
RAND_SUFFIX=$(date +%s)-$RANDOM
IMAGE_DEFAULT="test-kotlin-web:default-${RAND_SUFFIX}"
IMAGE_CUSTOM="test-kotlin-web:custom-${RAND_SUFFIX}"
CONTAINER_NAME="test-container-${RAND_SUFFIX}"
cleanup() {
echo "[cleanup] Stopping/removing test resources (if any)..." || true
docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
docker rmi "$IMAGE_DEFAULT" "$IMAGE_CUSTOM" >/dev/null 2>&1 || true
}
trap cleanup EXIT
info() { echo "[INFO] $*"; }
success(){ echo "[ OK ] $*"; }
warn() { echo "[WARN] $*"; }
fail() { echo "[FAIL] $*"; exit 1; }
info "Testing Kotlin Multiplatform Web Dockerfile Template"
echo "======================================================="
# -------------------------------------------------------------------
# 0. Pre-checks
# -------------------------------------------------------------------
command -v docker >/dev/null 2>&1 || fail "Docker is not installed or not in PATH"
if ! docker info >/dev/null 2>&1; then
fail "Docker does not seem to be running or accessible for the current user"
fi
if [ ! -f "$DOCKERFILE_PATH" ]; then
fail "Dockerfile not found at: $DOCKERFILE_PATH"
fi
HAS_BUILDX=1
if ! docker buildx version >/dev/null 2>&1; then
HAS_BUILDX=0
warn "docker buildx not available; skipping buildx-specific syntax check"
fi
# -------------------------------------------------------------------
# 1. Static checks on Dockerfile structure
# -------------------------------------------------------------------
info "1) Validating Dockerfile structure and ARG definitions"
# Required ARG variables must be defined (somewhere in the file)
if grep -q "^ARG CLIENT_PATH=" "$DOCKERFILE_PATH" \
&& grep -q "^ARG CLIENT_MODULE=" "$DOCKERFILE_PATH" \
&& grep -q "^ARG CLIENT_NAME=" "$DOCKERFILE_PATH"; then
success "Required ARG declarations found"
else
fail "Missing required ARG declarations (CLIENT_PATH, CLIENT_MODULE, CLIENT_NAME)"
fi
# Ensure expected stages are present
if grep -qiE "^FROM .* as kotlin-builder" "$DOCKERFILE_PATH" && \
grep -qiE "^FROM .* as runtime" "$DOCKERFILE_PATH"; then
success "Build stages 'kotlin-builder' and 'runtime' found"
else
fail "Expected stages 'kotlin-builder' and/or 'runtime' not found"
fi
# Verify that ARGs are re-declared in both stages (search within ~40 lines after each stage marker)
kotlin_builder_args=$(grep -n "^FROM .* [Aa][Ss] kotlin-builder" "$DOCKERFILE_PATH" | cut -d: -f1 | xargs -I{} sh -c "sed -n '{}','{}+40p' '$DOCKERFILE_PATH' | grep -c '^ARG'" || echo 0)
runtime_args=$(grep -n "^FROM .* [Aa][Ss] runtime" "$DOCKERFILE_PATH" | cut -d: -f1 | xargs -I{} sh -c "sed -n '{}','{}+40p' '$DOCKERFILE_PATH' | grep -c '^ARG'" || echo 0)
if [ "${kotlin_builder_args:-0}" -ge 3 ] && [ "${runtime_args:-0}" -ge 3 ]; then
success "ARG declarations appear in both build stages"
else
fail "ARG declarations appear to be missing in one or both build stages"
fi
# Optional: attempt a lightweight parsing via buildx (does not necessarily run heavy build)
if [ "$HAS_BUILDX" -eq 1 ]; then
info "Performing basic Dockerfile parsing with buildx (no image kept)"
# Try to parse/resolve without caching; don't fail the whole flow on noisy build output
if docker buildx build --no-cache -f "$DOCKERFILE_PATH" --platform linux/amd64 . \
2>&1 | head -50 | grep -q "ERROR.*failed to solve"; then
fail "Dockerfile has parsing errors (buildx failed to solve)"
else
success "Dockerfile basic parsing passed"
fi
else
warn "Skipping buildx parsing check"
fi
# -------------------------------------------------------------------
# 2. Build with default arguments (web-app)
# -------------------------------------------------------------------
info "2) Building image with default arguments (web-app)"
if docker build --no-cache -f "$DOCKERFILE_PATH" -t "$IMAGE_DEFAULT" .; then
success "Build with default arguments successful"
else
fail "Build with default arguments failed"
fi
# -------------------------------------------------------------------
# 3. Build with custom arguments (desktop-app scenario)
# -------------------------------------------------------------------
info "3) Building image with custom arguments (desktop-app scenario)"
if docker build --no-cache -f "$DOCKERFILE_PATH" \
--build-arg CLIENT_PATH=client/desktop-app \
--build-arg CLIENT_MODULE=client:desktop-app \
--build-arg CLIENT_NAME=desktop-app \
-t "$IMAGE_CUSTOM" .; then
success "Build with custom arguments successful"
else
warn "Build with custom arguments failed (this can be expected if desktop-app lacks proper assets/nginx.conf)"
fi
# -------------------------------------------------------------------
# 4. Run container and validate it responds over HTTP
# -------------------------------------------------------------------
info "4) Running container from default image and validating HTTP response"
# -P maps service ports to random host ports; then detect the mapped port
if docker run --rm -d --name "$CONTAINER_NAME" -P "$IMAGE_DEFAULT" >/dev/null; then
# Determine mapped host port for container port 80
sleep 3
HOST_PORT=$(docker port "$CONTAINER_NAME" 80/tcp | sed -E 's/.*:(\d+)/\1/' | head -n1 || true)
if [ -z "${HOST_PORT:-}" ]; then
docker logs "$CONTAINER_NAME" || true
fail "Could not determine mapped host port for container"
fi
# Try a few times to allow nginx to start
for i in {1..10}; do
if curl -fsS "http://127.0.0.1:${HOST_PORT}" >/dev/null 2>&1; then
success "Container responded over HTTP on localhost:${HOST_PORT}"
break
fi
sleep 1
done
# Final check (if not succeeded yet)
if ! curl -fsS "http://127.0.0.1:${HOST_PORT}" >/dev/null 2>&1; then
docker logs "$CONTAINER_NAME" || true
fail "Container started but did not respond on HTTP port"
fi
else
fail "Container failed to start"
fi
# -------------------------------------------------------------------
# 5. Done (cleanup happens via trap)
# -------------------------------------------------------------------
echo ""
echo "======================================================="
success "All tests completed successfully. The Dockerfile template looks healthy."
echo "Highlights:"
echo " - Verified presence of required ARGs and stages"
echo " - Performed basic parsing (when buildx available)"
echo " - Built images (default + custom args)"
echo " - Validated container HTTP responsiveness via ephemeral port"
echo "======================================================="
-22
@@ -1,22 +0,0 @@
#!/bin/bash
echo "Testing ping service fix..."
echo "=========================="
echo "1. Checking if services are running..."
echo "Consul:"
curl -s http://localhost:8500/v1/health/state/passing | jq -r '.[] | select(.ServiceName=="ping-service") | "Service: " + .ServiceName + ", Status: " + .Status'
echo ""
echo "Ping service health:"
curl -s http://localhost:8082/actuator/health | jq '.status'
echo ""
echo "2. Testing gateway ping endpoint..."
echo "GET http://localhost:8081/api/ping"
response=$(curl -s -w "\nHTTP_CODE:%{http_code}" http://localhost:8081/api/ping)
echo "$response"
echo ""
echo "3. Testing gateway actuator health..."
curl -s http://localhost:8081/actuator/health | jq '.status'
-135
@@ -1,135 +0,0 @@
#!/bin/bash
# =============================================================================
# Port Configuration Test Script
# =============================================================================
# This script verifies that the centralized port management is working correctly
# and that the original port conflicts have been resolved.
# =============================================================================
set -e
echo "🔍 Testing Port Configuration Changes..."
echo "========================================"
echo
# Load environment variables from .env file
if [ -f ".env" ]; then
echo "📝 Loading .env file..."
source .env
echo "✅ .env file loaded successfully"
else
echo "❌ .env file not found!"
exit 1
fi
echo
echo "🔧 Current Port Configuration:"
echo "------------------------------"
echo "Gateway Port: ${GATEWAY_PORT:-8081}"
echo "Ping Service Port: ${PING_SERVICE_PORT:-8082}"
echo "Consul Port: ${CONSUL_PORT:-8500}"
echo "Redis Port: ${REDIS_PORT:-6379}"
echo
# Test 1: Check that Gateway and Ping Service have different ports
echo "🧪 Test 1: Port Conflict Resolution"
echo "-----------------------------------"
GATEWAY_TEST_PORT=${GATEWAY_PORT:-8081}
PING_TEST_PORT=${PING_SERVICE_PORT:-8082}
if [ "$GATEWAY_TEST_PORT" -ne "$PING_TEST_PORT" ]; then
echo "✅ PASS: Gateway ($GATEWAY_TEST_PORT) and Ping Service ($PING_TEST_PORT) have different ports"
else
echo "❌ FAIL: Gateway and Ping Service still have the same port!"
exit 1
fi
# Test 2: Verify all services have unique ports
echo
echo "🧪 Test 2: All Services Have Unique Ports"
echo "------------------------------------------"
ALL_PORTS=("$GATEWAY_TEST_PORT" "$PING_TEST_PORT" "${CONSUL_PORT:-8500}" "${REDIS_PORT:-6379}")
UNIQUE_PORTS=()
while IFS= read -r line; do
UNIQUE_PORTS+=("$line")
done < <(printf "%s\n" "${ALL_PORTS[@]}" | sort -u)
if [ ${#ALL_PORTS[@]} -eq ${#UNIQUE_PORTS[@]} ]; then
echo "✅ PASS: All services have unique ports"
echo " Gateway: $GATEWAY_TEST_PORT"
echo " Ping Service: $PING_TEST_PORT"
echo " Consul: ${CONSUL_PORT:-8500}"
echo " Redis: ${REDIS_PORT:-6379}"
else
echo "❌ FAIL: Port conflicts detected!"
echo " All ports: ${ALL_PORTS[*]}"
echo " Unique ports: ${UNIQUE_PORTS[*]}"
exit 1
fi
# Test 3: Check docker-compose environment variable substitution
echo
echo "🧪 Test 3: Docker Compose Configuration"
echo "---------------------------------------"
if grep -q "\${GATEWAY_PORT:-8081}" docker-compose.yml; then
echo "✅ PASS: docker-compose.yml uses GATEWAY_PORT environment variable"
else
echo "❌ FAIL: docker-compose.yml doesn't use GATEWAY_PORT environment variable"
exit 1
fi
if grep -q "\${CONSUL_PORT:-8500}" docker-compose.yml; then
echo "✅ PASS: docker-compose.yml uses CONSUL_PORT environment variable"
else
echo "❌ FAIL: docker-compose.yml doesn't use CONSUL_PORT environment variable"
exit 1
fi
# Test 4: Check application.yml files use environment variables
echo
echo "🧪 Test 4: Application Configuration"
echo "-----------------------------------"
if grep -q "\${GATEWAY_PORT:8081}" infrastructure/gateway/src/main/resources/application.yml; then
echo "✅ PASS: Gateway application.yml uses GATEWAY_PORT environment variable"
else
echo "❌ FAIL: Gateway application.yml doesn't use GATEWAY_PORT environment variable"
exit 1
fi
if grep -q "\${PING_SERVICE_PORT:8082}" temp/ping-service/src/main/resources/application.yml; then
echo "✅ PASS: Ping Service application.yml uses PING_SERVICE_PORT environment variable"
else
echo "❌ FAIL: Ping Service application.yml doesn't use PING_SERVICE_PORT environment variable"
exit 1
fi
# Test 5: Check gradle.properties has port management
echo
echo "🧪 Test 5: Gradle Properties Configuration"
echo "------------------------------------------"
if grep -q "infrastructure.gateway.port=8081" gradle.properties; then
echo "✅ PASS: gradle.properties contains gateway port configuration"
else
echo "❌ FAIL: gradle.properties missing gateway port configuration"
exit 1
fi
if grep -q "services.port.ping=8082" gradle.properties; then
echo "✅ PASS: gradle.properties contains ping service port configuration"
else
echo "❌ FAIL: gradle.properties missing ping service port configuration"
exit 1
fi
echo
echo "🎉 All Tests Passed!"
echo "==================="
echo "✅ Port conflicts have been successfully resolved"
echo "✅ Centralized port management is properly implemented"
echo "✅ Gateway will use port $GATEWAY_TEST_PORT"
echo "✅ Ping Service will use port $PING_TEST_PORT"
echo "✅ All infrastructure services have unique ports"
echo "✅ Configuration follows single source of truth principle"
echo
echo "🚀 The implementation meets all requirements from the issue description!"