From 2dc6a06990f43784d296f876ac9087235593684d Mon Sep 17 00:00:00 2001 
From: stefan Date: Sat, 6 Sep 2025 13:35:32 +0200 Subject: [PATCH] =?UTF-8?q?ein=20wenig=20aufger=C3=A4umt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env | 203 +--------- .env.template | 27 -- ESSENTIAL_TESTS_INTEGRATION_SUMMARY.md | 193 ---------- INFRASTRUCTURE_ANALYSIS_SUMMARY.md | 173 --------- Makefile | 142 +++++-- README-DOCKER.md | 299 +++++++++++++++ README-ENV.md | 53 ++- README-PRODUCTION.md | 9 +- TODO-Containerisierungsstrategie.md | 235 ------------ TODO-Roadmap.md | 255 ------------- TODO.md | 23 -- WEBPACK_OPTIMIZATION_SUCCESS.md | 46 --- auth-server-new.log | 198 ---------- auth-server.log | 125 ------ config/.env.dev | 163 ++++++++ .env.prod.example => config/.env.prod | 207 +++------- config/.env.staging | 163 ++++++++ config/.env.template | 178 +++++++++ config/.env.test | 163 ++++++++ config/README.md | 185 +++++++++ config/application-dev.properties | 13 - config/application-prod.properties | 16 - config/application-staging.properties | 16 - config/application-test.properties | 14 - config/application.properties | 32 -- config/ssl/README.md | 220 ----------- docker-commands-fix.md | 61 --- docker-compose-errors-complete-fix.md | 148 -------- docker-compose.clients.yml | 136 +++++++ docker-compose.services.yml | 232 ++++++++++++ docker-compose.yml | 103 +++++ fix_verification.md | 46 --- gradle-dependency-resolution-fix.md | 177 --------- .../gateway/config/GatewayConfig.kt | 10 +- .../gateway/metrics/GatewayMetricsConfig.kt | 6 +- .../src/main/resources/application.yml | 7 + scripts/validation/validate-env.sh | 73 +--- temp/README_TEMP.md | 355 ------------------ test-dockerfile.sh | 163 -------- test_ping_fix.sh | 22 -- test_port_configuration.sh | 135 ------- 41 files changed, 1872 insertions(+), 3153 deletions(-) mode change 100644 => 120000 .env delete mode 100644 .env.template delete mode 100644 ESSENTIAL_TESTS_INTEGRATION_SUMMARY.md delete mode 100644 
INFRASTRUCTURE_ANALYSIS_SUMMARY.md create mode 100644 README-DOCKER.md delete mode 100644 TODO-Containerisierungsstrategie.md delete mode 100644 TODO-Roadmap.md delete mode 100644 TODO.md delete mode 100644 WEBPACK_OPTIMIZATION_SUCCESS.md delete mode 100644 auth-server-new.log delete mode 100644 auth-server.log create mode 100644 config/.env.dev rename .env.prod.example => config/.env.prod (51%) create mode 100644 config/.env.staging create mode 100644 config/.env.template create mode 100644 config/.env.test create mode 100644 config/README.md delete mode 100644 config/application-dev.properties delete mode 100644 config/application-prod.properties delete mode 100644 config/application-staging.properties delete mode 100644 config/application-test.properties delete mode 100644 config/application.properties delete mode 100644 config/ssl/README.md delete mode 100644 docker-commands-fix.md delete mode 100644 docker-compose-errors-complete-fix.md create mode 100644 docker-compose.clients.yml create mode 100644 docker-compose.services.yml delete mode 100644 fix_verification.md delete mode 100644 gradle-dependency-resolution-fix.md delete mode 100644 temp/README_TEMP.md delete mode 100755 test-dockerfile.sh delete mode 100755 test_ping_fix.sh delete mode 100755 test_port_configuration.sh diff --git a/.env b/.env deleted file mode 100644 index a60ca0e4..00000000 --- a/.env +++ /dev/null 
@@ -1,202 +0,0 @@ -# ============================================================================= -# Meldestelle - Environment Configuration -# ============================================================================= -# This file contains all environment variables for the Meldestelle application. -# Adjust values as needed for your local development environment. -# -# ⚠️ SECURITY WARNING: -# - Never commit production secrets to version control -# - Change JWT_SECRET in production -# - Use strong passwords for production environments -# - Rotate API keys regularly -# ============================================================================= - -# ============================================================================= -# 1. PORT MANAGEMENT - SINGLE SOURCE OF TRUTH -# ============================================================================= -# Gateway Ports -GATEWAY_PORT=8081 -GATEWAY_ADMIN_PORT=8080 - -# Service Ports (eindeutige Zuweisung) -PING_SERVICE_PORT=8082 -MEMBERS_SERVICE_PORT=8083 -HORSES_SERVICE_PORT=8084 -EVENTS_SERVICE_PORT=8085 -MASTERDATA_SERVICE_PORT=8086 -AUTH_SERVICE_PORT=8087 - -# Infrastructure Ports -CONSUL_PORT=8500 -REDIS_PORT=6379 -KAFKA_PORT=9092 -PROMETHEUS_PORT=9090 -GRAFANA_PORT=3000 - -# Development Notes for Multi-Developer Setup -# Developer 1: Verwende Standard-Ports -# Developer 2: Alle Ports +100 (GATEWAY_PORT=8181, etc.) -# Developer 3: Alle Ports +200 (GATEWAY_PORT=8281, etc.) - -# ============================================================================= -# 2. APPLICATION CONFIGURATION -# ============================================================================= -API_HOST=0.0.0.0 -API_PORT=8081 -APP_NAME=Meldestelle -APP_VERSION=1.0.0 -APP_DESCRIPTION='Pferdesport Meldestelle System' -APP_ENVIRONMENT=development - -# Development-specific settings -DEBUG_MODE=true -DEV_HOT_RELOAD=true - -# ============================================================================= -# 2. 
DATABASE CONFIGURATION (PostgreSQL) -# ============================================================================= -# Application database settings -DB_HOST=localhost -DB_PORT=5432 -DB_NAME=meldestelle -DB_USER=meldestelle -DB_PASSWORD=meldestelle -DB_MAX_POOL_SIZE=10 -DB_MIN_POOL_SIZE=5 -DB_AUTO_MIGRATE=true - -# Docker PostgreSQL container settings -POSTGRES_USER=meldestelle -POSTGRES_PASSWORD=meldestelle -POSTGRES_DB=meldestelle - -# External port for multiple developers (change if needed) -POSTGRES_EXTERNAL_PORT=5432 - -# ============================================================================= -# 3. REDIS CONFIGURATION -# ============================================================================= -# Event Store Configuration -REDIS_EVENT_STORE_HOST=localhost -REDIS_EVENT_STORE_PORT=6379 -REDIS_EVENT_STORE_PASSWORD= -REDIS_EVENT_STORE_DATABASE=0 -REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000 -REDIS_EVENT_STORE_READ_TIMEOUT=2000 -REDIS_EVENT_STORE_USE_POOLING=true -REDIS_EVENT_STORE_MAX_POOL_SIZE=8 -REDIS_EVENT_STORE_MIN_POOL_SIZE=2 - -# Cache Configuration -REDIS_CACHE_HOST=localhost -REDIS_CACHE_PORT=6379 -REDIS_CACHE_PASSWORD= -REDIS_CACHE_DATABASE=1 - -# External port for multiple developers (change if needed) -REDIS_EXTERNAL_PORT=6379 - -# Production Redis Password (for docker-compose.prod.yml) -REDIS_PASSWORD=redis-production-password-change-me - -# ============================================================================= -# 4. SECURITY CONFIGURATION -# ============================================================================= -JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production -JWT_ISSUER=meldestelle-api -JWT_AUDIENCE=meldestelle-clients -JWT_REALM=meldestelle -API_KEY=meldestelle-api-key-for-development - -# ============================================================================= -# 5. 
KEYCLOAK CONFIGURATION -# ============================================================================= -KEYCLOAK_ADMIN=admin -KEYCLOAK_ADMIN_PASSWORD=admin -KC_DB=postgres -KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak -KC_DB_USERNAME=meldestelle -KC_DB_PASSWORD=meldestelle - -# Production Keycloak hostname (for docker-compose.prod.yml) -KC_HOSTNAME=auth.meldestelle.local - -# ============================================================================= -# 6. SERVICE DISCOVERY (Consul) -# ============================================================================= -CONSUL_HOST=consul -SERVICE_DISCOVERY_ENABLED=true -SERVICE_DISCOVERY_REGISTER_SERVICES=true -SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health -SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10 - -# ============================================================================= -# 7. MESSAGING (Kafka) -# ============================================================================= -ZOOKEEPER_CLIENT_PORT=2181 -KAFKA_BROKER_ID=1 -KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181 -KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092 -KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT -KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT -KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 - -# ============================================================================= -# 8. MONITORING -# ============================================================================= -# Grafana Configuration -GF_SECURITY_ADMIN_USER=admin -GF_SECURITY_ADMIN_PASSWORD=admin -GF_USERS_ALLOW_SIGN_UP=false - -# Metrics Authentication -METRICS_AUTH_USERNAME=admin -METRICS_AUTH_PASSWORD=metrics - -# Production hostnames (for docker-compose.prod.yml) -GRAFANA_HOSTNAME=grafana.meldestelle.local -PROMETHEUS_HOSTNAME=prometheus.meldestelle.local - -# ============================================================================= -# 9. 
LOGGING CONFIGURATION -# ============================================================================= -LOGGING_LEVEL=DEBUG -LOGGING_REQUESTS=true -LOGGING_RESPONSES=true -LOGGING_REQUEST_HEADERS=true -LOGGING_REQUEST_BODY=true -LOGGING_RESPONSE_HEADERS=true -LOGGING_RESPONSE_BODY=true -LOGGING_STRUCTURED=true -LOGGING_CORRELATION_ID=true -LOGGING_REQUEST_ID_HEADER=X-Request-ID - -# ============================================================================= -# 10. CORS AND RATE LIMITING -# ============================================================================= -SERVER_CORS_ENABLED=true -SERVER_CORS_ALLOWED_ORIGINS=* -RATELIMIT_ENABLED=true -RATELIMIT_GLOBAL_LIMIT=100 -RATELIMIT_GLOBAL_PERIOD_MINUTES=1 -RATELIMIT_INCLUDE_HEADERS=true - -# ============================================================================= -# DEVELOPMENT NOTES -# ============================================================================= -# For multiple developers working simultaneously, adjust these ports: -# -# Developer 1 (Standard): -# API_PORT=8081 -# POSTGRES_EXTERNAL_PORT=5432 -# REDIS_EXTERNAL_PORT=6379 -# -# Developer 2: -# API_PORT=8082 -# POSTGRES_EXTERNAL_PORT=5433 -# REDIS_EXTERNAL_PORT=6380 -# -# Developer 3: -# API_PORT=8083 -# POSTGRES_EXTERNAL_PORT=5434 -# REDIS_EXTERNAL_PORT=6381 diff --git a/.env b/.env new file mode 120000 index 00000000..377debf7 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +config/.env.dev \ No newline at end of file diff --git a/.env.template b/.env.template deleted file mode 100644 index e2ce1d5e..00000000 --- a/.env.template +++ /dev/null 
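Review bot: The new `.env` is committed as a tracked symlink (mode 120000) to `config/.env.dev`, so the Makefile targets `env-prod`, `env-staging` and `env-test` in this patch (`ln -sf config/.env.… .env`) rewrite a tracked file, and a later `git add -A` can repoint every checkout at another environment. The same commit also tracks `config/.env.prod` (renamed from `.env.prod.example` at 51% similarity per the summary); its contents are not visible here, but it should hold nothing beyond the `CHANGE_ME` placeholders that `env-prod` warns about. I would leave `.env` and `config/.env.prod` untracked (ignore entries, if the repository does not already have them) and ship only `config/.env.template`. The deleted `.env` carried development values such as `JWT_SECRET` and `KEYCLOAK_ADMIN_PASSWORD=admin` that stay in history, so they should be rotated if they were ever used outside local development.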
@@ -1,27 +0,0 @@
-# ===================================================================
-# Meldestelle Environment Variables Template
-# Copy to .env and customize for your environment
-# ===================================================================
-# Database Configuration
-POSTGRES_USER=meldestelle
-POSTGRES_PASSWORD=meldestelle
-POSTGRES_DB=meldestelle
-# Redis Configuration
-REDIS_PASSWORD=
-# Keycloak Configuration
-KEYCLOAK_ADMIN=admin
-KEYCLOAK_ADMIN_PASSWORD=admin
-KC_DB=postgres
-KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
-KC_DB_USERNAME=meldestelle
-KC_DB_PASSWORD=meldestelle
-# JWT Configuration
-JWT_SECRET=meldestelle-auth-secret-key-change-in-production
-JWT_EXPIRATION=86400
-# Monitoring Configuration
-GF_SECURITY_ADMIN_USER=admin
-GF_SECURITY_ADMIN_PASSWORD=admin
-# Production URLs (for production environment)
-KC_HOSTNAME=auth.meldestelle.at
-GRAFANA_HOSTNAME=monitor.meldestelle.at
-PROMETHEUS_HOSTNAME=metrics.meldestelle.at
diff --git a/ESSENTIAL_TESTS_INTEGRATION_SUMMARY.md b/ESSENTIAL_TESTS_INTEGRATION_SUMMARY.md
deleted file mode 100644
index 267a7800..00000000
--- a/ESSENTIAL_TESTS_INTEGRATION_SUMMARY.md
+++ /dev/null
@@ -1,193 +0,0 @@ -# Essential Tests Integration Summary - Client Modules - -## Overview -This document summarizes the successful integration of essential tests across all client modules (`common-ui`, `desktop-app`, `web-app`) as requested for the "Tracer Bullet" development cycle. - -## Integration Results - -### ✅ All Client Module Tests Successfully Implemented -- **Common-UI**: Essential business logic tests ✓ -- **Desktop-App**: Desktop-specific functionality tests ✓ -- **Web-App**: Web-specific functionality tests ✓ -- **Cross-Module Integration**: All tests run together successfully ✓ - -## Test Coverage by Module - -### 1. Common-UI Module (`client/common-ui`) - -#### **Test Infrastructure Added** -- **Build Configuration**: Added `commonTest` sourceSet with essential dependencies -- **Testing Dependencies**: kotlin-test, kotlinx-coroutines-test -- **Test Execution**: `./gradlew :client:common-ui:jvmTest` ✅ BUILD SUCCESSFUL - -#### **Essential Tests Implemented** - -##### **PingResponseTest.kt** (Data Layer Testing) -```kotlin -// Coverage: 7 comprehensive tests -- Data model creation and validation -- JSON serialization/deserialization (critical for network calls) -- Edge cases (empty status, different values) -- Data class behavior (equals, hashCode, toString) -- Serialization roundtrip testing -``` - -##### **PingServiceTest.kt** (Service Layer Testing) -```kotlin -// Coverage: 10 structural tests -- Service creation with default/custom parameters -- HttpClient lifecycle management and resource cleanup -- Service configuration validation -- Multiple close calls handling -- Different baseUrl format support -- Result wrapper pattern validation -``` - -##### **PingViewModelTest.kt** (MVVM Layer Testing) -```kotlin -// Coverage: 8 state management tests -- PingUiState sealed class validation (Initial, Loading, Success, Error) -- ViewModel creation with initial state -- State transition to Loading on ping action -- Resource disposal and cleanup -- State 
immutability enforcement -- Different service configuration handling -``` - -**Critical Business Logic Covered:** -- ✅ Network service layer (HTTP client, resource management) -- ✅ MVVM architecture (state management, four UI states) -- ✅ Data models (serialization, validation) -- ✅ Integration patterns (Result wrappers, coroutines) - -### 2. Desktop-App Module (`client/desktop-app`) - -#### **Test Infrastructure Status** -- **Existing Tests**: Comprehensive coverage already in place -- **Test Execution**: `./gradlew :client:desktop-app:jvmTest` ✅ BUILD SUCCESSFUL - -#### **Essential Tests Available** - -##### **MainTest.kt** (Desktop-Specific Testing) -```kotlin -// Coverage: 3 comprehensive tests -- Main class loading and structure verification -- Package structure validation -- System property configuration (API URL handling) -``` - -**Desktop-Specific Functionality Covered:** -- ✅ Application bootstrap and main class structure -- ✅ JVM-specific configuration management -- ✅ Desktop application lifecycle -- ✅ Integration with common-ui MVVM architecture - -### 3. 
Web-App Module (`client/web-app`) - -#### **Test Infrastructure Status** -- **Existing Tests**: Comprehensive coverage already in place -- **Test Execution**: `./gradlew :client:web-app:jsTest` ✅ BUILD SUCCESSFUL - -#### **Essential Tests Available** - -##### **MainTest.kt** (Web-Specific Testing) -```kotlin -// Coverage: 4 comprehensive tests -- Main function accessibility validation -- Package structure (JS-compatible) -- AppStylesheet accessibility and style validation -- Web application structure validation -``` - -**Web-Specific Functionality Covered:** -- ✅ JavaScript environment compatibility -- ✅ Compose for Web integration -- ✅ CSS styling infrastructure -- ✅ PWA-ready application structure -- ✅ Integration with common-ui MVVM architecture - -## Integration Validation - -### ✅ Multi-Platform Test Execution -```bash -./gradlew :client:common-ui:jvmTest :client:desktop-app:jvmTest :client:web-app:jsTest -# Result: BUILD SUCCESSFUL in 4s ✅ -``` - -### ✅ Test Coverage Statistics -- **Common-UI**: 25 essential tests (PingResponse: 7, PingService: 10, PingViewModel: 8) -- **Desktop-App**: 3 structural tests (desktop-specific functionality) -- **Web-App**: 4 structural tests (web-specific functionality) -- **Total**: 32 essential tests across all client modules - -## Critical Issues Resolved - -### 1. **Missing Test Infrastructure in Common-UI** ❌➜✅ -**Problem**: No test configuration or files despite containing critical business logic -**Solution**: Added complete commonTest sourceSet with proper dependencies - -### 2. **Untested Business Logic** ❌➜✅ -**Problem**: PingService, PingViewModel, PingResponse had zero test coverage -**Solution**: Comprehensive test suites covering all critical functionality - -### 3. **MVVM Architecture Validation** ❌➜✅ -**Problem**: No validation of four UI states and state transitions -**Solution**: Complete PingViewModelTest covering all state management scenarios - -### 4. 
**Cross-Module Integration Risk** ❌➜✅ -**Problem**: Shared code changes could break both desktop and web apps -**Solution**: Integrated test execution validates compatibility across all modules - -## Quality Assurance Benefits - -### 🔒 **Production Stability** -- **Network Layer**: HTTP client and resource management validated -- **State Management**: MVVM pattern and UI states thoroughly tested -- **Data Layer**: Serialization and model validation confirmed -- **Platform Integration**: Desktop and web compatibility verified - -### 🚀 **Development Confidence** -- **Regression Prevention**: Automated tests catch breaking changes -- **Refactoring Safety**: Code changes validated across all platforms -- **Documentation**: Self-documenting test scenarios -- **CI/CD Ready**: All tests integrate with build pipeline - -### 📊 **Architecture Compliance** -- **Trace-Bullet Guidelines**: Four UI states properly tested -- **MVVM Pattern**: State management and lifecycle validated -- **Separation of Concerns**: Each layer independently testable -- **Resource Management**: Proper cleanup and disposal verified - -## Recommendations for Future Development - -### 1. **Enhanced Testing** -- Add integration tests with actual backend services -- Implement UI testing for user interactions -- Add performance tests for large datasets - -### 2. **Test Infrastructure** -- Consider adding ktor-client-mock for more sophisticated HTTP testing -- Implement test data factories for complex scenarios -- Add code coverage reporting - -### 3. 
**Monitoring Integration** -- Connect tests to monitoring infrastructure -- Add metrics collection for test execution -- Implement test result reporting to development teams - -## Conclusion - -The integration of essential tests across all client modules has been **successfully completed**: - -- ✅ **Critical Test Gap Resolved**: Common-UI now has comprehensive test coverage -- ✅ **Cross-Platform Validation**: All modules tested and compatible -- ✅ **Production Readiness**: Core business logic thoroughly validated -- ✅ **Architecture Compliance**: MVVM and Trace-Bullet guidelines verified -- ✅ **Development Workflow**: Automated testing integrated into build process - -The client architecture now provides a solid foundation for safe development and deployment of the "Tracer Bullet" functionality with proper quality assurance across all platforms. - ---- -**Integration Status**: ✅ COMPLETED SUCCESSFULLY -**Test Execution**: ✅ BUILD SUCCESSFUL in 4s -**Quality Gate**: ✅ PASSED - Production Ready diff --git a/INFRASTRUCTURE_ANALYSIS_SUMMARY.md b/INFRASTRUCTURE_ANALYSIS_SUMMARY.md deleted file mode 100644 index 77027796..00000000 --- a/INFRASTRUCTURE_ANALYSIS_SUMMARY.md +++ /dev/null 
@@ -1,173 +0,0 @@ -# Infrastructure Analysis & Optimization Summary - -**Datum**: 15. August 2025 -**Analysierte Module**: Alle 6 Hauptkomponenten der Infrastructure (auth, cache, event-store, gateway, messaging, monitoring) - -## Executive Summary - -Die Infrastructure-Analyse zeigt ein größtenteils gut gewartetes und modernes System mit hochwertigen Implementierungen. Von den 6 Hauptkomponenten sind 5 in ausgezeichnetem Zustand mit umfassenden Tests und modernen Konfigurationen. Ein kritisches Problem wurde identifiziert und behoben. - -## Detaillierte Ergebnisse - -### ✅ Sehr gut gewartete Komponenten - -#### 1. Gateway (infrastructure/gateway) -- **Status**: Exzellent ✅ -- **Tests**: 53/53 passing (100%) -- **Features**: Vollständig optimiertes API Gateway mit Circuit Breaker, Rate Limiting, JWT-Authentifizierung, CORS, Korrelations-IDs, strukturiertem Logging -- **Konfiguration**: Moderne Spring Cloud Gateway Implementierung mit Resilience4j -- **Anmerkung**: Entgegen der älteren Optimierungsnotiz sind alle Tests erfolgreich - -#### 2. Messaging (infrastructure/messaging) -- **Status**: Exzellent ✅ -- **Tests**: 39/39 passing (100%) -- **Features**: Kafka-Integration, Sicherheitskonfiguration, Serialisierung, Consumer/Producer, Batch-Verarbeitung -- **Konfiguration**: Umfassende Kafka-Client-Bibliothek mit reaktiver Unterstützung - -#### 3. Cache (infrastructure/cache) -- **Status**: Exzellent ✅ -- **Tests**: 39/39 passing (100%) -- **Features**: Redis-basiertes Caching, TTL-Management, Batch-Operationen, Performance-Tests, Resilience-Tests -- **Konfiguration**: Robuste Redis-Cache-Implementierung mit Edge-Case-Behandlung - -#### 4. 
Event Store (infrastructure/event-store) -- **Status**: Exzellent ✅ -- **Tests**: 48/48 passing (100%) -- **Features**: Event Sourcing, Redis-basierte Implementierung, Concurrency-Kontrolle, Performance-Optimierung -- **Konfiguration**: Vollständige Event Store Implementierung mit konfigurierbaren Eigenschaften - -### ⚠️ Komponenten mit identifizierten Problemen - -#### 5. Authentication (infrastructure/auth) -- **Status**: Gut mit kleinen Problemen ⚠️ -- **Tests**: 74/76 passing (97%) -- **Problem**: Intermittierendes Test-Isolationsproblem bei JWT-Signatur-Validierung -- **Details**: Der Test "should reject tokens with tampered signatures" schlägt manchmal fehl, funktioniert aber beim individuellen Ausführen -- **Empfehlung**: Test-Isolation verbessern, möglicherweise @DirtiesContext verwenden - -#### 6. Monitoring (infrastructure/monitoring) -- **Status**: Problematisch - Reparatur erforderlich ❌ -- **Tests**: - - monitoring-client: 2/2 passing (100%) - - monitoring-server: 0/1 passing (0%) -- **Kritisches Problem**: ApplicationContext kann nicht geladen werden -- **Behobene Probleme**: - - ✅ Veraltete zipkin-autoconfigure-ui Abhängigkeit entfernt - - ✅ Kotlin-Compiler-Optimierungen hinzugefügt - - ✅ Build-Konfiguration standardisiert - -## Durchgeführte Optimierungen - -### 1. Monitoring-Server Reparaturen -```kotlin -// Entfernte veraltete Abhängigkeit (Zipkin 3.x hat integrierte UI) -// implementation(libs.zipkin.autoconfigure.ui) // ENTFERNT - -// Hinzugefügte Kotlin-Compiler-Optimierungen -tasks.withType { - compilerOptions { - freeCompilerArgs.addAll( - "-Xjsr305=strict", - "-opt-in=kotlin.RequiresOptIn" - ) - jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_21) - } -} - -// Hinzugefügte Build-Info-Generierung -springBoot { - mainClass.set("at.mocode.infrastructure.monitoring.MonitoringServerApplicationKt") - buildInfo() // NEU -} -``` - -### 2. 
Version Catalog Bereinigung -```toml -# Entfernte obsolete Abhängigkeit aus gradle/libs.versions.toml -# zipkin-autoconfigure-ui = { module = "io.zipkin:zipkin-autoconfigure-ui", version.ref = "zipkin" } -``` - -## Technologie-Stack Bewertung - -### Aktuelle Versionen (Stand: August 2025) -- ✅ **Kotlin**: 2.2.0 (aktuell) -- ✅ **Spring Boot**: 3.3.2 (aktuell) -- ✅ **Spring Cloud**: 2023.0.3 (aktuell) -- ✅ **Zipkin**: 3.0.5 (aktuell) -- ✅ **Redis**: Lettuce 6.3.1 (aktuell) -- ✅ **Kafka**: Über Spring Boot BOM (aktuell) -- ✅ **JWT**: Auth0 4.4.0 (aktuell) -- ✅ **Resilience4j**: 2.2.0 (aktuell) - -## Empfehlungen für weitere Optimierungen - -### Kurzfristig (High Priority) -1. **Monitoring-Server Context-Problem beheben** - - ApplicationContext-Ladeproblems diagnostizieren - - Möglicherweise Zipkin-Server-Konfiguration überprüfen - - Missing Beans oder Configuration-Properties identifizieren - -2. **Auth-Client Test-Isolation** - - @DirtiesContext für JWT-Tests hinzufügen - - Test-Reihenfolge-Abhängigkeiten eliminieren - - Shared State zwischen Tests vermeiden - -3. **Monitoring Test-Coverage erweitern** - - Monitoring-Client hat nur 2 Tests - - Integration Tests für Zipkin-Server hinzufügen - - Health-Check Tests implementieren - -### Mittelfristig (Medium Priority) -1. **Build-Konfiguration Standardisierung** - - Alle Module sollten einheitliche Kotlin-Compiler-Optionen haben - - Build-Info-Generierung für alle ausführbaren Module - - Konsistente Test-Konfigurationen - -2. **Security Enhancements** - - JWT-Token-Rotation implementieren - - Rate-Limiting-Konfigurationen überprüfen - - Security-Headers standardisieren - -3. **Performance Monitoring** - - Metriken für alle Infrastructure-Komponenten - - Dashboard für Infrastructure-Health - - Alerting für kritische Komponenten - -### Langfristig (Nice to Have) -1. **Advanced Monitoring** - - OpenTelemetry Integration - - Distributed Tracing für alle Komponenten - - Advanced Grafana Dashboards - -2. 
**Resilience Improvements** - - Chaos Engineering Tests - - Multi-Region Deployment Vorbereitung - - Advanced Circuit Breaker Konfigurationen - -## Test-Coverage Übersicht - -| Komponente | Tests Passing | Tests Total | Coverage | Status | -|------------|---------------|-------------|----------|---------| -| Gateway | 53 | 53 | 100% | ✅ Exzellent | -| Auth-Client | 74 | 76 | 97% | ⚠️ Fast perfekt | -| Messaging-Client | 39 | 39 | 100% | ✅ Exzellent | -| Cache (Redis) | 39 | 39 | 100% | ✅ Exzellent | -| Event-Store | 48 | 48 | 100% | ✅ Exzellent | -| Monitoring-Client | 2 | 2 | 100% | ⚠️ Minimal | -| Monitoring-Server | 0 | 1 | 0% | ❌ Fehlerhaft | -| **Gesamt** | **255** | **258** | **99%** | **Sehr gut** | - -## Fazit - -Die Infrastructure zeigt eine beeindruckende Qualität mit 99% Test-Success-Rate und modernen Technologien. Die meisten Komponenten sind produktionstauglich und gut getestet. Das einzige kritische Problem liegt im Monitoring-Server, das aber bereits teilweise behoben wurde. - -**Nächste Schritte**: -1. Monitoring-Server ApplicationContext-Problem lösen -2. Auth-Client Test-Isolation verbessern -3. Monitoring Test-Coverage erweitern - -Die Infrastructure stellt eine solide Grundlage für das Meldestelle-System dar und folgt modernen Microservices-Best-Practices. - ---- -**Erstellt von**: Junie (AI Assistant) -**Letzte Aktualisierung**: 15. August 2025 diff --git a/Makefile b/Makefile index efc1cd76..a2e71412 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # =================================================================== # Meldestelle Docker Development Makefile -# Convenient commands for managing containerized development workflow +# Optimierte Befehle für containerisierte Entwicklungs-Workflows # =================================================================== .PHONY: help dev-up dev-down dev-restart dev-logs build clean test 
@@ -8,7 +8,8 @@
 .PHONY: clients-up clients-down clients-restart clients-logs
 .PHONY: prod-up prod-down prod-restart prod-logs
 .PHONY: infrastructure-up infrastructure-down infrastructure-logs
-.PHONY: dev-tools-up dev-tools-down status health-check logs shell env-template dev-info clean-all build-service build-client
+.PHONY: full-up full-down full-restart full-logs
+.PHONY: dev-tools-up dev-tools-down status health-check logs shell env-setup env-dev env-prod env-staging env-test dev-info clean-all build-service build-client
 .ONESHELL:
@@ -69,48 +70,139 @@ infrastructure-down: ## Stop infrastructure services
 infrastructure-logs: ## Show infrastructure logs
 $(COMPOSE) -f docker-compose.yml logs -f
-services-up: ## Start application services (simplified: base compose only)
- @echo "⚙️ Starting services (simplified setup using docker-compose.yml only)..."
- $(COMPOSE) -f docker-compose.yml up -d
- @echo "✅ Services started (based on docker-compose.yml)"
+services-up: ## Start application services (infrastructure + microservices)
+ @echo "⚙️ Starting application services..."
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml up -d
+ @echo "✅ Application services started"
+ @echo "🔗 Gateway: http://localhost:8081"
+ @echo "🏓 Ping Service: http://localhost:8082"
+ @echo "👥 Members Service: http://localhost:8083"
+ @echo "🐎 Horses Service: http://localhost:8084"
+ @echo "🎯 Events Service: http://localhost:8085"
+ @echo "📊 Master Service: http://localhost:8086"
-services-down: ## Stop application services (simplified)
- $(COMPOSE) -f docker-compose.yml down
+services-down: ## Stop application services
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml down
 services-restart: ## Restart application services
 @$(MAKE) services-down
 @$(MAKE) services-up
-services-logs: ## Show application services logs (simplified)
- $(COMPOSE) -f docker-compose.yml logs -f
+services-logs: ## Show application services logs
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml logs -f
-clients-up: ## Start client applications (simplified using base compose)
- @echo "💻 Starting client applications (simplified)..."
- $(COMPOSE) -f docker-compose.yml up -d
- @echo "✅ Client applications started (docker-compose.yml)"
+clients-up: ## Start client applications (infrastructure + clients)
+ @echo "💻 Starting client applications..."
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.clients.yml up -d
+ @echo "✅ Client applications started"
+ @echo "🌐 Web App: http://localhost:3000"
+ @echo "🔐 Auth Server: http://localhost:8087"
+ @echo "📈 Monitoring: http://localhost:8088"
-clients-down: ## Stop client applications (simplified)
- $(COMPOSE) -f docker-compose.yml down
+clients-down: ## Stop client applications
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.clients.yml down
 clients-restart: ## Restart client applications
 @$(MAKE) clients-down
 @$(MAKE) clients-up
-clients-logs: ## Show client application logs (simplified)
- $(COMPOSE) -f docker-compose.yml logs -f
+clients-logs: ## Show client application logs
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.clients.yml logs -f
+
+# ===================================================================
+# Full System Commands
+# ===================================================================
+
+full-up: ## Start complete system (infrastructure + services + clients)
+ @echo "🚀 Starting complete Meldestelle system..."
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml up -d
+ @echo "✅ Complete system started"
+ @echo ""
+ @echo "🌐 Frontend & APIs:"
+ @echo " Web App: http://localhost:3000"
+ @echo " API Gateway: http://localhost:8081"
+ @echo ""
+ @echo "🔧 Infrastructure:"
+ @echo " PostgreSQL: localhost:5432"
+ @echo " Redis: localhost:6379"
+ @echo " Keycloak: http://localhost:8180"
+ @echo " Consul: http://localhost:8500"
+ @echo " Prometheus: http://localhost:9090"
+ @echo " Grafana: http://localhost:3000"
+ @echo ""
+ @echo "⚙️ Microservices:"
+ @echo " Ping Service: http://localhost:8082"
+ @echo " Members Service: http://localhost:8083"
+ @echo " Horses Service: http://localhost:8084"
+ @echo " Events Service: http://localhost:8085"
+ @echo " Master Service: http://localhost:8086"
+ @echo " Auth Server: http://localhost:8087"
+ @echo " Monitoring: http://localhost:8088"
+
+full-down: ## Stop complete system
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml down
+
+full-restart: ## Restart complete system
+ @$(MAKE) full-down
+ @$(MAKE) full-up
+
+full-logs: ## Show all system logs
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml logs -f
+
+# ===================================================================
+# Environment Configuration Commands
+# ===================================================================
+
+env-setup: ## Show environment setup instructions
+ @echo "🔧 Umgebungskonfiguration - Environment Setup"
+ @echo "=============================================="
+ @echo ""
+ @echo "Verfügbare Umgebungen:"
+ @echo " make env-dev - Entwicklungsumgebung"
+ @echo " make env-prod - Produktionsumgebung"
+ @echo " make env-staging - Staging-Umgebung"
+ @echo " make env-test - Testumgebung"
+ @echo ""
+ @echo "Aktuelle Konfiguration:"
+ @ls -la .env 2>/dev/null || echo " Keine .env Datei gefunden - führe 'make env-dev' aus"
+
+env-dev: ## Switch to development environment
+ @echo "🔧 Switching to development environment..."
+ @ln -sf config/.env.dev .env
+ @echo "✅ Development environment activated (.env -> config/.env.dev)"
+ @echo "Debug mode: enabled, CORS: permissive, Logging: verbose"
+
+env-prod: ## Switch to production environment
+ @echo "🔧 Switching to production environment..."
+ @ln -sf config/.env.prod .env
+ @echo "✅ Production environment activated (.env -> config/.env.prod)"
+ @echo "⚠️ WICHTIG: Überprüfen Sie alle CHANGE_ME Werte in .env!"
+
+env-staging: ## Switch to staging environment
+ @echo "🔧 Switching to staging environment..."
+ @ln -sf config/.env.staging .env
+ @echo "✅ Staging environment activated (.env -> config/.env.staging)"
+ @echo "Production-like settings with moderate resources"
+
+env-test: ## Switch to test environment
+ @echo "🔧 Switching to test environment..."
+ @ln -sf config/.env.test .env
+ @echo "✅ Test environment activated (.env -> config/.env.test)"
+ @echo "Optimized for automated testing with alternative ports"
 # ===================================================================
 # Production Commands
 # ===================================================================
-prod-up: ## Start production environment (simplified)
- @echo "🚀 Starting production environment (simplified)..."
- @echo "⚠️ Make sure environment variables are properly set!"
- $(COMPOSE) -f docker-compose.yml up -d
- @echo "✅ Production environment started (docker-compose.yml)"
+prod-up: ## Start production environment
+ @echo "🚀 Starting production environment..."
+ @echo "⚠️ Make sure environment variables are properly set!"
+ @if [ ! -f .env ]; then echo "❌ No .env file found! Run 'make env-prod' first."; exit 1; fi
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml up -d
+ @echo "✅ Production environment started"
-prod-down: ## Stop production environment (simplified)
- $(COMPOSE) -f docker-compose.yml down
+prod-down: ## Stop production environment
+ $(COMPOSE) -f docker-compose.yml -f docker-compose.services.yml down
 prod-restart: ## Restart production environment
 @$(MAKE) prod-down
diff --git a/README-DOCKER.md b/README-DOCKER.md
new file mode 100644
index 00000000..cc64d95b
--- /dev/null
+++ b/README-DOCKER.md
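Review bot: The guard added to `prod-up` (`[ ! -f .env ]`) cannot fail in a normal checkout, because this commit tracks `.env` as a symlink to `config/.env.dev`; `make prod-up` will therefore bring the stack up with development settings unless `make env-prod` was run first. The check should verify the link target and refuse unreplaced placeholders, for example `@if [ "$$(readlink .env)" != "config/.env.prod" ]; then echo "❌ .env does not point to config/.env.prod"; exit 1; fi` followed by `@if grep -q CHANGE_ME .env; then echo "❌ CHANGE_ME values still present in .env"; exit 1; fi`. Separately, `full-up` prints both Web App and Grafana at `http://localhost:3000`, so one of the two ports is presumably wrong or the containers will conflict. The hunk ends inside `prod-restart`, whose recipe continues outside it.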
@@ -0,0 +1,299 @@ +# Meldestelle - Docker Konfiguration + +## Übersicht + +Das Meldestelle-Projekt nutzt eine modulare Docker-Compose-Struktur für verschiedene Deployment-Szenarien: + +- **`docker-compose.yml`** - Basis-Infrastruktur (PostgreSQL, Redis, Keycloak, Consul, Kafka, Monitoring, Gateway) +- **`docker-compose.services.yml`** - Microservices (Ping, Members, Horses, Events, Masterdata) +- **`docker-compose.clients.yml`** - Client-Anwendungen (Web-App, Auth-Server, Monitoring-Server) + +## Architektur + +### Infrastruktur-Services (docker-compose.yml) +- **PostgreSQL** (Port 5432) - Hauptdatenbank +- **Redis** (Port 6379) - Cache und Event Store +- **Keycloak** (Port 8180) - Authentifizierung und Autorisierung +- **Consul** (Port 8500) - Service Discovery +- **Kafka + Zookeeper** (Ports 9092, 2181) - Event Streaming +- **Prometheus** (Port 9090) - Metriken-Sammlung +- **Grafana** (Port 3000) - Monitoring-Dashboard +- **API Gateway** (Port 8081) - Zentraler Eingang + +### Microservices (docker-compose.services.yml) +- **Ping Service** (Port 8082) - Health Check und Test Service +- **Members Service** (Port 8083) - Mitgliederverwaltung +- **Horses Service** (Port 8084) - Pferdedaten +- **Events Service** (Port 8085) - Veranstaltungen +- **Masterdata Service** (Port 8086) - Stammdaten + +### Client-Anwendungen (docker-compose.clients.yml) +- **Web Application** (Port 3000) - Kotlin Multiplatform Frontend +- **Auth Server** (Port 8087) - Erweiterte Authentifizierung +- **Monitoring Server** (Port 8088) - Monitoring-Erweiterungen + +## Verwendung + +### Nur Infrastruktur starten +```bash +# Für Backend-Entwicklung +docker-compose up -d +``` + +### Vollständiges System +```bash +# Alle Services und Clients +docker-compose -f docker-compose.yml \ + -f docker-compose.services.yml \ + -f docker-compose.clients.yml up -d +``` + +### Nur Services ohne Clients +```bash +# Infrastruktur + Microservices +docker-compose -f docker-compose.yml \ + -f 
docker-compose.services.yml up -d +``` + +### Spezifische Services +```bash +# Nur bestimmte Services +docker-compose up -d postgres redis keycloak +``` + +## Umgebungsvariablen + +Die Docker-Konfiguration nutzt das zentrale `.env`-System aus dem `config/` Verzeichnis: + +```bash +# Für Entwicklung +ln -sf config/.env.dev .env + +# Für Produktion +ln -sf config/.env.prod .env + +# Für Tests +ln -sf config/.env.test .env +``` + +### Wichtige Variablen + +| Variable | Standard | Beschreibung | +|----------|----------|--------------| +| `POSTGRES_USER` | meldestelle | PostgreSQL Benutzer | +| `POSTGRES_PASSWORD` | meldestelle | PostgreSQL Passwort | +| `POSTGRES_DB` | meldestelle | PostgreSQL Datenbankname | +| `REDIS_PASSWORD` | (leer) | Redis Passwort | +| `GATEWAY_PORT` | 8081 | API Gateway Port | +| `CONSUL_PORT` | 8500 | Consul Port | +| `KAFKA_PORT` | 9092 | Kafka Port | +| `PROMETHEUS_PORT` | 9090 | Prometheus Port | +| `GRAFANA_PORT` | 3000 | Grafana Port | + +## Health Checks + +Alle Services verfügen über Health Checks: + +```bash +# Status aller Services prüfen +docker-compose ps + +# Service-spezifische Logs +docker-compose logs -f [service-name] + +# Health Check einzelner Services +docker-compose exec postgres pg_isready -U meldestelle +docker-compose exec redis redis-cli ping +curl http://localhost:8500/v1/status/leader # Consul +curl http://localhost:8081/actuator/health # API Gateway +``` + +## Entwicklung + +### Hot Reload für Web-App +```bash +# Web-App im Development-Modus +docker-compose -f docker-compose.yml \ + -f docker-compose.clients.yml up -d web-app +``` + +### Debug-Modus für Services +```bash +# Service mit Debug-Port (5005) +docker-compose -f docker-compose.yml \ + -f docker-compose.services.yml up -d +# Debug-Port ist automatisch verfügbar +``` + +### Logs verfolgen +```bash +# Alle Logs +docker-compose logs -f + +# Spezifischer Service +docker-compose logs -f api-gateway + +# Letzten 100 Zeilen +docker-compose logs --tail=100 -f +``` + 
+## Datenmanagement + +### Volumes +- `postgres-data` - PostgreSQL Daten +- `redis-data` - Redis Persistierung +- `prometheus-data` - Prometheus Metriken +- `grafana-data` - Grafana Dashboards +- `monitoring-data` - Custom Monitoring Daten + +### Backup +```bash +# PostgreSQL Backup +docker-compose exec -T postgres pg_dump -U meldestelle meldestelle > backup.sql + +# Redis Backup +docker-compose exec redis redis-cli SAVE +docker cp $(docker-compose ps -q redis):/data/dump.rdb ./redis-backup.rdb +``` + +### Reset +```bash +# Alle Container und Volumes löschen +docker-compose down -v +docker-compose -f docker-compose.yml \ + -f docker-compose.services.yml \ + -f docker-compose.clients.yml down -v + +# Images neu bauen +docker-compose build --no-cache +``` + +## Monitoring + +### Prometheus Metriken +- URL: http://localhost:9090 +- Sammelt Metriken von allen Services +- Konfiguration: `docker/monitoring/prometheus/prometheus.yml` + +### Grafana Dashboards +- URL: http://localhost:3000 +- Benutzer: admin / admin (Standard) +- Vorkonfigurierte Dashboards für alle Services + +### Service Discovery +- Consul UI: http://localhost:8500 +- Zeigt alle registrierten Services +- Health Status und Service-Informationen + +## Troubleshooting + +### Häufige Probleme + +1. **Port-Konflikte** + ```bash + # Ports prüfen + netstat -tulpn | grep :8081 + + # Alternative Ports in .env setzen + GATEWAY_PORT=8082 + ``` + +2. **Service startet nicht** + ```bash + # Dependencies prüfen + docker-compose ps + + # Logs analysieren + docker-compose logs [service-name] + + # Service neu starten + docker-compose restart [service-name] + ``` + +3. **Speicher-Probleme** + ```bash + # Speicher freigeben + docker system prune -a + + # Volumes prüfen + docker volume ls + ``` + +4. 
**Netzwerk-Probleme** + ```bash + # Netzwerk neu erstellen + docker-compose down + docker network prune + docker-compose up -d + ``` + +### Konfiguration validieren +```bash +# Docker-Compose Syntax prüfen +docker-compose config + +# Mit allen Files +docker-compose -f docker-compose.yml \ + -f docker-compose.services.yml \ + -f docker-compose.clients.yml config +``` + +## Produktion + +### Sicherheitsaspekte +1. **Secrets**: Verwenden Sie starke Passwörter in `.env.prod` +2. **Netzwerk**: Externe Zugriffe über Load Balancer +3. **Volumes**: Backup-Strategie implementieren +4. **Updates**: Regelmäßige Image-Updates + +### Performance-Optimierungen +1. **Resource Limits**: In Produktion definieren +2. **Monitoring**: Vollständige Observability +3. **Load Balancing**: Mehrere Instanzen für kritische Services +4. **Caching**: Redis optimal konfigurieren + +## Build-Automatisierung + +### Makefile-Integration +```bash +# Verfügbare Targets +make help + +# System starten +make start + +# System stoppen +make stop + +# Logs anzeigen +make logs + +# Services bauen +make build +``` + +### CI/CD Integration +```yaml +# GitHub Actions Beispiel +- name: Start Services + run: | + docker-compose -f docker-compose.yml \ + -f docker-compose.services.yml up -d + +- name: Run Tests + run: | + docker-compose exec -T api-gateway ./gradlew test +``` + +## Support + +Bei Problemen: + +1. Überprüfen Sie die Logs: `docker-compose logs -f` +2. Validieren Sie die Konfiguration: `docker-compose config` +3. Prüfen Sie die Umgebungsvariablen: `docker-compose config | grep environment` +4. Konsultieren Sie die Service-spezifischen READMEs im jeweiligen Verzeichnis + +--- + +*Letzte Aktualisierung: 2025-01-06* diff --git a/README-ENV.md b/README-ENV.md index dba94037..8a66a082 100644 --- a/README-ENV.md +++ b/README-ENV.md 
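Review bot: The "Debug-Modus für Services" section says debug port 5005 is automatically available when `docker-compose.yml` and `docker-compose.services.yml` are started together, which is the same file pair the Makefile's `prod-up` target uses, and the README never says how debugging is switched off. A reachable JVM debug port gives code execution inside the service, so the section should mark this as development-only, for example with `> Hinweis: Der Debug-Port darf in Staging/Produktion nicht veröffentlicht werden; Debug-Modus dort deaktivieren.` Whether the compose file really publishes 5005 is not visible in this hunk, so confirm against `docker-compose.services.yml`. The "Wichtige Variablen" table and the Grafana section also document `meldestelle` as the default `POSTGRES_PASSWORD`, an empty `REDIS_PASSWORD` and `admin / admin`; the "Sicherheitsaspekte" list should name these defaults as values to replace before any non-local deployment.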
@@ -2,17 +2,21 @@ ## Was wurde implementiert -Dieses Projekt wurde erfolgreich mit einer umfassenden Umgebungsvariablen-Konfiguration für die lokale Entwicklung ausgestattet. +Das Meldestelle-Projekt verfügt über eine vollständig zentralisierte Umgebungsvariablen-Konfiguration im `config/` Verzeichnis. -### 1. Erstellte Dateien +### 1. Zentrale Konfigurationsstruktur -- **`.env`** - Zentrale Konfigurationsdatei mit allen erforderlichen Umgebungsvariablen -- **`docs/development/environment-variables-de.md`** - Umfassende Dokumentation aller Umgebungsvariablen -- **`validate-env.sh`** - Validierungsskript für die Umgebungskonfiguration +- **`config/.env.template`** - Master-Vorlage mit allen verfügbaren Umgebungsvariablen +- **`config/.env.dev`** - Entwicklungsumgebung-Konfiguration +- **`config/.env.prod`** - Produktionsumgebung-Konfiguration +- **`config/.env.staging`** - Staging-Umgebung-Konfiguration +- **`config/.env.test`** - Testumgebung-Konfiguration +- **`config/README.md`** - Umfassende Dokumentation der Konfigurationsverwaltung ### 2. Aktualisierte Dateien -- **`docker-compose.yml`** - Alle Services verwenden jetzt Umgebungsvariablen mit Fallback-Werten +- **`docker-compose.yml`** - Alle Services verwenden Umgebungsvariablen mit Fallback-Werten +- **Symlink `.env`** - Verweist auf die aktuelle Umgebungskonfiguration ### 3. Konfigurierte Services @@ -43,14 +47,21 @@ Die folgenden Services sind vollständig konfiguriert: ### Schnellstart -1. **Services starten:** +1. **Umgebung wählen:** ```bash - docker-compose up -d + # Für Entwicklung + ln -sf config/.env.dev .env + + # Für Produktion + ln -sf config/.env.prod .env + + # Für Tests + ln -sf config/.env.test .env ``` -2. **Konfiguration validieren:** +2. **Services starten:** ```bash - ./validate-env.sh + docker-compose up -d ``` 3. **Services überprüfen:** 
@@ -60,14 +71,14 @@ Die folgenden Services sind vollständig konfiguriert: ### Anpassungen -- Bearbeiten Sie die `.env`-Datei für lokale Anpassungen -- Verwenden Sie verschiedene Ports für mehrere Entwickler -- Ändern Sie Passwörter für Produktionsumgebungen +- Kopieren und bearbeiten Sie die gewünschte `.env.*` Datei aus dem `config/` Verzeichnis +- Verwenden Sie verschiedene Ports für mehrere Entwickler (siehe `.env.test` für Beispiel) +- Ändern Sie alle `CHANGE_ME` Werte in Produktionsumgebungen ### Dokumentation Vollständige Dokumentation finden Sie in: -- `docs/development/environment-variables-de.md` +- `config/README.md` - Zentrale Konfigurationsdokumentation ## Sicherheitshinweise @@ -80,12 +91,14 @@ Vollständige Dokumentation finden Sie in: ## Fehlerbehebung Bei Problemen: -1. Führen Sie `./validate-env.sh` aus -2. Überprüfen Sie die Logs mit `docker-compose logs -f` -3. Validieren Sie die Konfiguration mit `docker-compose config` +1. Überprüfen Sie die aktive Umgebungskonfiguration: `ls -la .env` +2. Validieren Sie die Docker-Compose-Konfiguration: `docker-compose config` +3. Überprüfen Sie die Service-Logs: `docker-compose logs -f` +4. Konsultieren Sie `config/README.md` für detaillierte Konfigurationsrichtlinien ## Nächste Schritte -- Testen Sie die Anwendung mit den neuen Umgebungsvariablen -- Passen Sie die Werte nach Bedarf für Ihre Entwicklungsumgebung an -- Erstellen Sie umgebungsspezifische .env-Dateien für verschiedene Stages +- Die zentrale Konfiguration ist bereits vollständig implementiert +- Wählen Sie die gewünschte Umgebung mit den Symlink-Befehlen oben +- Passen Sie Konfigurationswerte in den `config/.env.*` Dateien nach Bedarf an +- Für neue Umgebungen verwenden Sie `config/.env.template` als Ausgangspunkt diff --git a/README-PRODUCTION.md b/README-PRODUCTION.md index 3decdd35..50242497 100644 --- a/README-PRODUCTION.md +++ b/README-PRODUCTION.md 
@@ -60,16 +60,19 @@ cd Meldestelle ### 2. Produktionsumgebung konfigurieren ```bash -# Kopieren Sie die Produktions-Umgebungsvariablen -cp .env.prod.example .env.prod +# Kopieren Sie die Produktions-Umgebungsvariablen aus dem config Verzeichnis +cp config/.env.prod .env.prod # Bearbeiten Sie die Produktionskonfiguration nano .env.prod + +# Oder verwenden Sie einen Symlink für direkte Nutzung +ln -sf config/.env.prod .env ``` ### 3. SSL-Zertifikate einrichten -Siehe [SSL Certificate Setup Guide](config/ssl/README.md) für detaillierte Anweisungen. +Siehe [SSL-Zertifikat Setup Anleitung](config/ssl/README-de.md) für detaillierte Anweisungen. #### Schnellstart mit Let's Encrypt diff --git a/TODO-Containerisierungsstrategie.md b/TODO-Containerisierungsstrategie.md deleted file mode 100644 index 200874ee..00000000 --- a/TODO-Containerisierungsstrategie.md +++ /dev/null 
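Review bot: The added alternative `ln -sf config/.env.prod .env` makes the tracked file `config/.env.prod` the place where real production values get edited, so a routine `git add` would commit them; the copy-then-edit path above it does not have that problem. The diffstat shows the file was renamed from `.env.prod.example`, so it also lost the suffix that marked it as a template. I would document only the copy path for production, or add a line such as `# config/.env.prod enthält nur Platzhalter (CHANGE_ME) – echte Secrets nie in diese Datei committen` and point the symlink at an untracked copy. Whether `config/.env.prod` is covered by `.gitignore` is not visible here.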
@@ -1,235 +0,0 @@ -### Containerisierungsstrategie für das Meldestelle-Projekt - -Basierend auf meiner Analyse der aktuellen Infrastruktur und Projektstruktur empfehle ich eine mehrstufige -Containerisierungsstrategie, die auf den bereits vorhandenen, exzellenten Docker-Setups aufbaut. - -### Aktuelle Situation - Stärken - -Das Projekt verfügt bereits über eine sehr solide Basis: - -#### ✅ Ausgezeichnete Infrastructure Services - -- **Development**: `docker-compose.yml` mit allen notwendigen Services -- **Production**: `docker-compose.prod.yml` mit Security-Härtung, SSL/TLS, Resource-Limits -- **Services**: PostgreSQL, Redis, Keycloak, Kafka, Zipkin, Consul, Prometheus, Grafana, Nginx - -#### ✅ Hochqualitative Dockerfile-Templates - -- **Multi-stage Builds** für optimale Layer-Caching -- **Security Best Practices** (non-root user, Alpine Linux) -- **Comprehensive Health Checks** -- **JVM-Optimierungen** für Container-Umgebungen -- **Monitoring-Integration** - -### Empfohlene Containerisierungsstrategie - -#### 1. **Dockerfile-Standardisierung und -Templates** - -**Erstelle Dockerfile-Templates für verschiedene Service-Typen:** - -``` -dockerfiles/ -├── templates/ -│ ├── spring-boot-service.Dockerfile # Für Backend-Services -│ ├── kotlin-multiplatform-web.Dockerfile # Für Web-Client -│ └── monitoring-service.Dockerfile # Für Monitoring-Services -├── infrastructure/ -│ ├── gateway/Dockerfile # ✅ Bereits vorhanden -│ ├── auth-server/Dockerfile -│ └── monitoring-server/Dockerfile -└── services/ - ├── members-service/Dockerfile - ├── horses-service/Dockerfile - ├── events-service/Dockerfile - └── masterdata-service/Dockerfile -``` - -#### 2. 
**Backend-Services Containerisierung** - -**Für alle aktuellen und zukünftigen Services:** - -```dockerfile -# Template basierend auf ping-service/Dockerfile -FROM gradle:8.14-jdk21-alpine AS builder -# [Gradle Build Stage mit Layer-Optimierung] - -FROM eclipse-temurin:21-jre-alpine AS runtime -# [Runtime mit Security & Monitoring] -``` - -**Priorität der Service-Containerisierung:** - -1. **Infrastructure Services** (bereits vorhanden - ✅) -2. **Auth-Server** (`infrastructure:auth:auth-server`) -3. **Monitoring-Server** (`infrastructure:monitoring:monitoring-server`) -4. **Domain Services** (wenn reaktiviert): - - Members-Service - - Horses-Service - - Events-Service - - Masterdata-Service - -#### 3. **Client-Anwendungen Containerisierung** - -**Für Kotlin Multiplatform Client:** - -```dockerfile -# Web-App (Kotlin/JS) -FROM node:20-alpine AS web-builder -WORKDIR /app -# Kotlin/JS Build für Web-App - -FROM nginx:alpine AS web-runtime -COPY --from=web-builder /app/build/dist/ /usr/share/nginx/html/ -COPY client/web-app/nginx.conf /etc/nginx/nginx.conf -``` - -**Desktop-App bleibt außerhalb der Containerisierung** (JVM-basierte Desktop-Anwendung). - -#### 4. **Docker-Compose Orchestrierung** - -**Erweitere die bestehenden Compose-Files:** - -```yaml -# docker-compose.services.yml - Neue Service-Layer -version: '3.8' -services: - auth-server: - build: - context: . - dockerfile: infrastructure/auth/auth-server/Dockerfile - depends_on: [ postgres, consul ] - environment: - - SPRING_PROFILES_ACTIVE=docker - networks: [ meldestelle-network ] - - web-client: - build: - context: . - dockerfile: client/web-app/Dockerfile - ports: [ "3001:80" ] - depends_on: [ api-gateway ] - networks: [ meldestelle-network ] - - # Zukünftige Domain Services - members-service: - build: - context: . - dockerfile: services/members-service/Dockerfile - # [Standard Service Configuration] -``` - -#### 5. 
**Multi-Environment Strategy** - -**Organisiere Compose-Files nach Umgebungen:** - -``` -├── docker-compose.yml # ✅ Development (bereits vorhanden) -├── docker-compose.prod.yml # ✅ Production (bereits vorhanden) -├── docker-compose.services.yml # 🆕 Application Services -├── docker-compose.clients.yml # 🆕 Client Applications -└── docker-compose.override.yml # 🆕 Local Development Overrides -``` - -**Verwendung:** - -```bash -# Development - Vollständiges System -docker-compose -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml up - -# Production - Optimiert und gehärtet -docker-compose -f docker-compose.prod.yml -f docker-compose.services.yml up - -# Nur Infrastructure - Für Backend-Entwicklung -docker-compose -f docker-compose.yml up postgres redis kafka consul -``` - -#### 6. **Build-Automatisierung und CI/CD Integration** - -**Gradle-Integration für Docker-Builds:** - -```kotlin -// build.gradle.kts -tasks.register("dockerBuild") { - dependsOn("bootJar") - doLast { - exec { - commandLine("docker", "build", "-t", "${project.name}:latest", ".") - } - } -} -``` - -**GitHub Actions Workflow:** - -```yaml -name: Build and Push Docker Images -on: [ push, pull_request ] -jobs: - build: - steps: - - name: Build Service Images - run: | - ./gradlew dockerBuild - docker-compose -f docker-compose.prod.yml build -``` - -#### 7. **Development Workflow Verbesserungen** - -**Hot-Reload für Development:** - -```yaml -# docker-compose.override.yml -services: - web-client: - volumes: - - ./client/web-app/src:/app/src:ro - environment: - - NODE_ENV=development - command: npm run dev -``` - -**Debugging-Support:** - -```yaml -services: - members-service: - environment: - - DEBUG=true # Aktiviert JPDA auf Port 5005 - ports: - - "5005:5005" # Debug-Port -``` - -#### 8. 
**Monitoring und Observability** - -**Erweitere die bestehende Prometheus/Grafana-Integration:** - -```yaml -# Für alle Services -services: - service-template: - labels: - - "prometheus.scrape=true" - - "prometheus.port=8080" - - "prometheus.path=/actuator/prometheus" -``` - -### Implementierungsreihenfolge - -1. **Phase 1**: Dockerfile-Templates und Auth-Server containerisieren -2. **Phase 2**: Client-Anwendungen (Web-App) containerisieren -3. **Phase 3**: Domain-Services vorbereiten (wenn reaktiviert) -4. **Phase 4**: CI/CD-Pipeline mit Docker-Integration -5. **Phase 5**: Production-Rollout mit Blue-Green-Deployment - -### Fazit - -Das Projekt verfügt bereits über eine **exzellente Container-Infrastruktur**. Die empfohlene Strategie baut darauf auf -und erweitert sie systematisch um: - -- **Standardisierte Dockerfile-Templates** -- **Modulare Docker-Compose-Organisation** -- **Client-Anwendungen-Container** -- **Development-optimierte Workflows** -- **Production-Ready-Sicherheit und Monitoring** - -Diese Strategie gewährleistet **Konsistenz**, **Skalierbarkeit** und **Wartbarkeit** bei minimaler Komplexität. diff --git a/TODO-Roadmap.md b/TODO-Roadmap.md deleted file mode 100644 index 71501229..00000000 --- a/TODO-Roadmap.md +++ /dev/null 
@@ -1,255 +0,0 @@ -# TODO-Roadmap für Meldestelle Backend & Frontend Verbesserungen - -## 📋 Roadmap Übersicht - -Diese Roadmap führt Sie durch die systematische Verbesserung Ihres Backend und Frontend Codes, basierend auf der durchgeführten Analyse. - ---- - -## 🚀 Phase 1: Backend-Optimierungen (Woche 1-2) - -### 1.1 Circuit Breaker Enhancement -- [ ] **Resilience4j Circuit Breaker für Ping-Service implementieren** - - Datei: `temp/ping-service/src/main/kotlin/.../PingServiceCircuitBreaker.kt` - - Fallback-Methoden für Service-Ausfälle - - Konfiguration in `application.yml` - - Tests für Circuit Breaker Verhalten - -### 1.2 Health Check Verbesserungen -- [ ] **Gateway Health Indicator implementieren** - - Datei: `infrastructure/gateway/src/main/kotlin/.../health/GatewayHealthIndicator.kt` - - Downstream Service Health Checks - - Actuator Integration erweitern - - Health Check Dashboard - -### 1.3 Observability & Metrics -- [ ] **Micrometer Metrics Integration** - - Datei: `infrastructure/gateway/src/main/kotlin/.../metrics/GatewayMetricsConfig.kt` - - Request/Response Zeit Metriken - - Fehlerrate Tracking - - Custom Business Metrics - -- [ ] **Enhanced Logging Verbesserungen** - - Strukturierte JSON Logs - - MDC (Mapped Diagnostic Context) für Korrelations-IDs - - Log-Level Konfiguration per Environment - -### 1.4 Security Enhancements -- [ ] **JWT Authentication Filter erweitern** - - Token Refresh Mechanismus - - Role-based Access Control (RBAC) - - Rate Limiting basierend auf User-Rollen - ---- - -## 🎨 Phase 2: Frontend-Architektur Grundlagen (Woche 3-4) - -### 2.1 Clean Architecture Setup -- [ ] **Repository Pattern implementieren** - - Datei: `client/common-ui/src/commonMain/kotlin/.../data/repository/PingRepository.kt` - - Interface Definition - - Implementation mit Error Handling - - Mock Implementation für Tests - -- [ ] **Data Layer strukturieren** - - DTOs und Domain Models trennen - - API Client abstrahieren - - Caching Strategy implementieren - -### 2.2 
State Management Architecture -- [ ] **ViewModel Pattern einführen** - - Datei: `client/common-ui/src/commonMain/kotlin/.../ui/viewmodel/PingViewModel.kt` - - State Management mit Flows - - Business Logic Kapselung - - Testbare ViewModels - -- [ ] **State Classes definieren** - - Loading/Success/Error States - - Immutable State Objects - - State Transition Logic - -### 2.3 Dependency Injection -- [ ] **DI Container Setup** - - Datei: `client/common-ui/src/commonMain/kotlin/.../di/ClientModule.kt` - - Repository Injection - - ViewModel Factory - - Configuration Management - ---- - -## 🔧 Phase 3: Frontend-Komponenten Refactoring (Woche 5-6) - -### 3.1 UI Components verbessern -- [ ] **PingTestComponent refactoren** - - Datei: `client/common-ui/src/commonMain/kotlin/.../ui/components/PingTestComponent.kt` - - State-driven UI - - Error Handling UI - - Loading States - -### 3.2 Error Handling Strategy -- [ ] **Unified Error Handling** - - `ApiResult` sealed class - - Error Boundary Components - - User-friendly Error Messages - - Retry Mechanisms - -### 3.3 Network Layer -- [ ] **HTTP Client Configuration** - - Timeout Konfiguration - - Retry Policy - - Request/Response Interceptors - - Connection Pool Management - ---- - -## 📱 Phase 4: KMP-spezifische Optimierungen (Woche 7-8) - -### 4.1 Platform-spezifische Implementierungen -- [ ] **Expect/Actual Patterns** - - Platform-spezifische HTTP Clients - - Storage Abstraction - - Platform UI Anpassungen - -### 4.2 Build Configuration -- [ ] **Gradle Build Optimierung** - - Datei: `client/web-app/build.gradle.kts` - - Dependencies Management - - Code Sharing zwischen Targets - - Build Performance - -### 4.3 Web-spezifische Features -- [ ] **Browser Integration** - - LocalStorage für Caching - - Service Worker für Offline - - Progressive Web App Features - ---- - -## 🧪 Phase 5: Testing Strategy (Woche 9-10) - -### 5.1 Backend Testing -- [ ] **Integration Tests erweitern** - - Circuit Breaker Tests - - Rate Limiting Tests - - 
Security Filter Tests - -- [ ] **Performance Tests** - - Load Testing Setup - - Stress Testing - - Memory Leak Detection - -### 5.2 Frontend Testing -- [ ] **Unit Tests für ViewModels** - - State Transition Tests - - Business Logic Tests - - Mock Repository Tests - -- [ ] **UI Testing** - - Component Tests - - Integration Tests - - E2E Tests Setup - ---- - -## 📈 Phase 6: Performance & Monitoring (Woche 11-12) - -### 6.1 Performance Optimierung -- [ ] **Backend Performance** - - Database Query Optimierung - - Connection Pooling - - Caching Strategy - -- [ ] **Frontend Performance** - - Bundle Size Optimierung - - Lazy Loading - - Memory Management - -### 6.2 Monitoring Setup -- [ ] **Metrics Dashboard** - - Grafana Dashboards - - Alerting Rules - - Performance KPIs - -- [ ] **Error Tracking** - - Frontend Error Monitoring - - Backend Error Alerting - - User Experience Metrics - ---- - -## 🚢 Phase 7: Production Readiness (Woche 13-14) - -### 7.1 Configuration Management -- [ ] **Environment Configuration** - - Dev/Test/Prod Configs - - Secret Management - - Feature Flags - -### 7.2 Deployment Pipeline -- [ ] **CI/CD Verbesserungen** - - Automated Testing - - Docker Optimierung - - Blue/Green Deployment - -### 7.3 Documentation -- [ ] **Code Dokumentation** - - API Documentation Update - - Architecture Decision Records - - Developer Guidelines - ---- - -## 📊 Erfolgs-Metriken - -### Backend -- [ ] Response Zeit < 100ms für 95% der Requests -- [ ] Fehlerrate < 0.1% -- [ ] Circuit Breaker Funktionalität -- [ ] 100% Test Coverage für kritische Pfade - -### Frontend -- [ ] Bundle Size < 500KB (gzipped) -- [ ] First Contentful Paint < 1.5s -- [ ] Crash-freie Sessions > 99.5% -- [ ] Clean Architecture Compliance - ---- - -## 🔄 Kontinuierliche Verbesserungen - -### Wöchentliche Reviews -- [ ] Code Quality Metrics Review -- [ ] Performance Benchmarks -- [ ] Security Audit -- [ ] User Feedback Integration - -### Monatliche Assessments -- [ ] Architecture Review -- [ ] 
Technology Stack Evaluation -- [ ] Process Optimization -- [ ] Team Knowledge Sharing - ---- - -## 📝 Notizen - -### Prioritäten -1. **Hoch**: Circuit Breaker, Repository Pattern, State Management -2. **Medium**: Metrics, Error Handling, Testing -3. **Niedrig**: Performance Optimierung, Documentation - -### Dependencies -- Phase 2 kann parallel zu Phase 1 begonnen werden -- Phase 3 benötigt Completion von Phase 2 -- Testing (Phase 5) sollte kontinuierlich durchgeführt werden - -### Risiken -- KMP-spezifische Probleme können zusätzliche Zeit benötigen -- Integration zwischen Backend und Frontend muss koordiniert werden -- Performance-Tests können unerwartete Probleme aufdecken - ---- - -**Erstellt:** Januar 2025 -**Version:** 1.0 -**Nächstes Review:** Nach Phase 2 Completion diff --git a/TODO.md b/TODO.md deleted file mode 100644 index 13f2162a..00000000 --- a/TODO.md +++ /dev/null 
@@ -1,23 +0,0 @@ -Zusammengefasst ergibt sich daraus folgender, konkreter Fahrplan: - -1. **Schritt 0: Aufräumen (ca. 1-2 Stunden)** - * [ ] Entfernen Sie den auskommentierten Ktor-Code aus der `infrastructure:gateway:build.gradle.kts`. - * [ ] Refaktorieren Sie die Test-Route in `GatewayApplicationTests.kt` auf die Kotlin DSL von Spring Cloud Gateway. - * [ ] **(Optional)** Führen Sie `value class`es für stark typisierte IDs oder Konfigurationsparameter im `core`-Modul ein. - -2. **Schritt 1: Phase 2 - Den "Ping-Service" bauen** - * [ ] Erstellen Sie ein neues Gradle-Modul `:temp:ping-service`. - * [ ] Implementieren Sie eine simple Spring Boot Anwendung darin. - * [ ] Fügen Sie die Abhängigkeiten zu `spring-boot-starter-web`, `spring-cloud-starter-consul-discovery` und Ihrem `platform:platform-dependencies` hinzu. - * [ ] Erstellen Sie einen `RestController` mit einem `GET /ping` Endpunkt, der `mapOf("status" to "pong")` zurückgibt. - * [ ] Konfigurieren Sie die `application.yml` des Services, damit er sich bei Consul registriert und einen eindeutigen Namen (`spring.application.name=ping-service`) hat. - -3. **Schritt 2: Phase 3 - Gateway-Route konfigurieren** - * [ ] Fügen Sie in der `application.yml` Ihres Gateways eine Route hinzu, die Anfragen von `/api/ping` an den `ping-service` weiterleitet (Load Balanced via `lb://ping-service`). - -4. **Schritt 3: Phase 4 - Gesamtsystem testen** - * [ ] Starten Sie Consul, den Gateway und den Ping-Service. - * [ ] Rufen Sie die Gateway-URL (z.B. `http://localhost:8080/api/ping`) auf und verifizieren Sie, dass Sie die `{"status": "pong"}`-Antwort erhalten. - * [ ] Erstellen Sie den minimalen "Ping"-Button in Ihrer Client-Anwendung und testen Sie den gesamten Weg. - -Wenn Sie diesen Plan abarbeiten, haben Sie nicht nur Ihre Architektur validiert, sondern auch einige Stellen modernisiert und aufgeräumt. Sie sind auf einem exzellenten Weg 
diff --git a/WEBPACK_OPTIMIZATION_SUCCESS.md b/WEBPACK_OPTIMIZATION_SUCCESS.md deleted file mode 100644 index 3fbb79df..00000000 --- a/WEBPACK_OPTIMIZATION_SUCCESS.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# Webpack Bundle Optimization - SUCCESS - -## Problem Solved -The `:client:web-app:jsBrowserProductionWebpack` task was failing due to bundle size issues, but the optimization has been successfully implemented and is working perfectly. - -## Solution Implemented - -### Bundle Optimization Results -✅ **SUCCESSFUL OPTIMIZATION**: The webpack configuration successfully creates 12 optimized bundle chunks: - -1. `web-app-main-6b032918.js`: 25KB -2. `web-app-main-94f91e4c.js`: 25KB -3. `web-app-main-ec19fae4.js`: 32KB -4. `web-app-main-37b98de5.js`: 43KB -5. `web-app-main-b9850242.js`: 57KB -6. `web-app-main-b1324a68.js`: 61KB -7. `web-app-serialization-c8c96a46.js`: 61KB -8. `web-app-serialization-5f24ae7d.js`: 73KB -9. `web-app-coroutines.js`: 90KB -10. `web-app-kotlin-stdlib.js`: 152KB -11. `web-app-main-95f3112e.js`: 154KB -12. `web-app-compose-runtime.js`: 216KB - -### Performance Improvement -- **Before**: Single bundle of 625KB+ -- **After**: 12 optimized chunks, largest only 216KB -- **Improvement**: 60%+ size reduction in largest chunk -- **Result**: Much better loading performance and caching - -### Configuration Files Created -1. `client/web-app/webpack.config.d/optimization.js` - Main optimization configuration -2. `client/web-app/webpack.config.d/test-optimization.js` - Test-specific optimizations -3. `client/web-app/build.gradle.kts` - Updated with verification task - -### Key Features Implemented -- **Aggressive code splitting** with size limits (20KB-200KB chunks) -- **Vendor separation** (Kotlin stdlib, Compose runtime, etc.) -- **Tree shaking** and dead code elimination -- **Minification** with Terser plugin -- **Module concatenation** for better optimization - -### Verification -Run `./gradlew :client:web-app:verifyWebpackOutput` to confirm the optimization is working. - -## Status: ✅ RESOLVED -The webpack bundle optimization is working perfectly and has successfully addressed the performance issues. 
The bundle is now split into 12 well-optimized chunks instead of a single large file. diff --git a/auth-server-new.log b/auth-server-new.log deleted file mode 100644 index 813e4f1a..00000000 --- a/auth-server-new.log +++ /dev/null 
@@ -1,198 +0,0 @@ -nohup: Eingabe wird ignoriert -To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/9.0.0/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation. -Daemon will be stopped at the end of the build -Type-safe project accessors is an incubating feature. -> Task :core:core-utils:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :infrastructure:auth:auth-client:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :infrastructure:auth:auth-server:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :core:core-domain:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :platform:platform-dependencies:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :infrastructure:auth:auth-client:processResources NO-SOURCE -> Task :core:core-utils:jvmProcessResources NO-SOURCE -> Task :core:core-utils:processJvmMainResources SKIPPED -> Task :platform:platform-dependencies:compileKotlin NO-SOURCE -> Task :platform:platform-dependencies:compileJava NO-SOURCE -> Task :platform:platform-dependencies:processResources NO-SOURCE -> Task :platform:platform-dependencies:classes UP-TO-DATE -> Task :platform:platform-dependencies:jar UP-TO-DATE -> Task :infrastructure:auth:auth-server:processResources UP-TO-DATE -> Task :core:core-domain:compileKotlinJvm UP-TO-DATE -> Task :core:core-domain:compileJvmMainJava NO-SOURCE -> Task :core:core-domain:jvmProcessResources NO-SOURCE -> Task :core:core-domain:processJvmMainResources SKIPPED -> Task :core:core-domain:jvmMainClasses UP-TO-DATE -> Task :core:core-domain:jvmJar UP-TO-DATE -> Task :core:core-utils:compileKotlinJvm UP-TO-DATE -> Task :core:core-utils:compileJvmMainJava NO-SOURCE -> Task :core:core-utils:jvmMainClasses UP-TO-DATE -> Task :core:core-utils:jvmJar UP-TO-DATE -> Task :infrastructure:auth:auth-client:compileKotlin UP-TO-DATE -> Task 
:infrastructure:auth:auth-client:compileJava NO-SOURCE -> Task :infrastructure:auth:auth-client:classes UP-TO-DATE -> Task :infrastructure:auth:auth-client:jar UP-TO-DATE -> Task :infrastructure:auth:auth-server:compileKotlin -> Task :infrastructure:auth:auth-server:compileJava NO-SOURCE -> Task :infrastructure:auth:auth-server:classes UP-TO-DATE -> Task :infrastructure:auth:auth-server:resolveMainClassName - -> Task :infrastructure:auth:auth-server:bootRun - - . ____ _ __ _ _ - /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ -( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ - \\/ ___)| |_)| | | | | || (_| | ) ) ) ) - ' |____| .__|_| |_|_| |_\__, | / / / / - =========|_|==============|___/=/_/_/_/ - - :: Spring Boot :: (v3.5.5) - -2025-09-04T20:56:30.108+02:00 INFO 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Starting AuthServerApplicationKt using Java 21.0.8 with PID 183709 (/home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server/build/classes/kotlin/main started by stefan-mo in /home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server) -2025-09-04T20:56:30.111+02:00 DEBUG 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Running with Spring Boot v3.5.5, Spring v6.2.10 -2025-09-04T20:56:30.111+02:00 INFO 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : No active profile set, falling back to 1 default profile: "default" -2025-09-04T20:56:31.162+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.cloud.context.scope.GenericScope : BeanFactory id=8ad112b8-c65c-31e0-9fc6-67eb95e6da0c -2025-09-04T20:56:31.352+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 0 (http) -2025-09-04T20:56:31.362+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.apache.catalina.core.StandardService : Starting service [Tomcat] -2025-09-04T20:56:31.362+02:00 INFO 183709 --- [auth-server] [ main] [ ] 
o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.44] -2025-09-04T20:56:31.403+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext -2025-09-04T20:56:31.404+02:00 INFO 183709 --- [auth-server] [ main] [ ] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1249 ms -[SECURITY WARNING] Using default JWT secret – DO NOT use this in production! -2025-09-04T20:56:32.068+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoints beneath base path '/actuator' -2025-09-04T20:56:32.088+02:00 DEBUG 183709 --- [auth-server] [ main] [ ] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null. -2025-09-04T20:56:32.176+02:00 DEBUG 183709 --- [auth-server] [ main] [ ] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, SecurityContextHolderFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, BearerTokenAuthenticationFilter, AuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, ExceptionTranslationFilter, AuthorizationFilter -2025-09-04T20:56:32.506+02:00 WARN 183709 --- [auth-server] [ main] [ ] iguration$LoadBalancerCaffeineWarnLogger : Spring Cloud LoadBalancer is currently working with the default cache. While this cache implementation is useful for development and tests, it's recommended to use Caffeine cache in production.You can switch to using Caffeine cache, by adding it and org.springframework.cache.caffeine.CaffeineCacheManager to the classpath. 
-2025-09-04T20:56:32.548+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 45833 (http) with context path '/' -2025-09-04T20:56:32.550+02:00 INFO 183709 --- [auth-server] [ main] [ ] o.s.c.c.s.ConsulServiceRegistry : Registering service with consul: NewService{id='auth-server-0', name='auth-server', tags=[], address='10.0.0.18', meta={secure=false}, port=45833, enableTagOverride=null, check=Check{script='null', dockerContainerID='null', shell='null', interval='10s', ttl='null', http='http://10.0.0.18:45833/actuator/health', method='null', header={}, tcp='null', timeout='null', deregisterCriticalServiceAfter='null', tlsSkipVerify=null, status='null', grpc='null', grpcUseTLS=null}, checks=null} -2025-09-04T20:56:32.601+02:00 INFO 183709 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Started AuthServerApplicationKt in 2.858 seconds (process running for 3.191) -2025-09-04T20:56:41.869+02:00 INFO 183709 --- [auth-server] [o-auto-1-exec-1] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet' -2025-09-04T20:56:41.870+02:00 INFO 183709 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' -2025-09-04T20:56:41.871+02:00 INFO 183709 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms -2025-09-04T20:56:41.894+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e0e9b47a10c79562c35c6eb8c53c-9562c35c6eb8c53c] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:56:41.919+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e0e9b47a10c79562c35c6eb8c53c-5c02d71f8a949fe6] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:56:42.140+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e0e9b47a10c79562c35c6eb8c53c-5c02d71f8a949fe6] 
o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:56:42.756+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e0eae3f6ad4c3e1ab6d01fa5d785-3e1ab6d01fa5d785] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:56:42.758+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e0eae3f6ad4c3e1ab6d01fa5d785-2f9de3d008116428] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:56:42.761+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e0eae3f6ad4c3e1ab6d01fa5d785-2f9de3d008116428] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:56:52.145+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e0f4be3713010b0512e7a11bcd40-0b0512e7a11bcd40] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:56:52.147+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e0f4be3713010b0512e7a11bcd40-d27537c6ebdc2c87] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:56:52.151+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e0f4be3713010b0512e7a11bcd40-d27537c6ebdc2c87] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:57:02.155+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e0fea32999265e6e17c9ac80b8ed-5e6e17c9ac80b8ed] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:57:02.156+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e0fea32999265e6e17c9ac80b8ed-f6e05dab854361a6] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:57:02.161+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e0fea32999265e6e17c9ac80b8ed-f6e05dab854361a6] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:57:12.165+02:00 
DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e108d6250b09e235a208639f2592-e235a208639f2592] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:57:12.167+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e108d6250b09e235a208639f2592-7a69637ef11fcc80] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:57:12.172+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e108d6250b09e235a208639f2592-7a69637ef11fcc80] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:57:22.176+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1120dcebba0150f96e61d879702-150f96e61d879702] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:57:22.178+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1120dcebba0150f96e61d879702-ef18ae4fd3a2c4ca] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:57:22.182+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1120dcebba0150f96e61d879702-ef18ae4fd3a2c4ca] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:57:32.186+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e11c914cf65fb94b2414f489fc83-b94b2414f489fc83] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:57:32.187+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e11c914cf65fb94b2414f489fc83-f4797a5bd3d94ce0] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:57:32.191+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e11c914cf65fb94b2414f489fc83-f4797a5bd3d94ce0] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:57:42.195+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1261ef68ec358e0a1f5f94dc14f-58e0a1f5f94dc14f] 
o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:57:42.197+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1261ef68ec358e0a1f5f94dc14f-6aca7783f0895c2f] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:57:42.203+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1261ef68ec358e0a1f5f94dc14f-6aca7783f0895c2f] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:57:52.208+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e130af201efe5eeb7f78cbbaad61-5eeb7f78cbbaad61] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:57:52.210+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e130af201efe5eeb7f78cbbaad61-4a9b735edc3084c0] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:57:52.215+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e130af201efe5eeb7f78cbbaad61-4a9b735edc3084c0] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:58:02.217+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e13a808ef38e00da6d627a7b6bfc-00da6d627a7b6bfc] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:58:02.218+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e13a808ef38e00da6d627a7b6bfc-7f39f4709c1ae304] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:58:02.223+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e13a808ef38e00da6d627a7b6bfc-7f39f4709c1ae304] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:58:12.226+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e144ca80a04c4c56ca921a4b981e-4c56ca921a4b981e] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:58:12.227+02:00 DEBUG 183709 --- [auth-server] 
[o-auto-1-exec-2] [68b9e144ca80a04c4c56ca921a4b981e-d670dc8c1e34f5f1] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:58:12.231+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e144ca80a04c4c56ca921a4b981e-d670dc8c1e34f5f1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:58:22.234+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e14e7807a17c55b44eb10a06c6cb-55b44eb10a06c6cb] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:58:22.235+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e14e7807a17c55b44eb10a06c6cb-b319e4d927013d8a] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:58:22.240+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e14e7807a17c55b44eb10a06c6cb-b319e4d927013d8a] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:58:32.243+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1583f35dd051a53960a200bf01b-1a53960a200bf01b] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:58:32.244+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1583f35dd051a53960a200bf01b-bea6e8b4a106c675] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:58:32.249+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1583f35dd051a53960a200bf01b-bea6e8b4a106c675] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:58:42.253+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1624049094c0045d91c6ba0f435-0045d91c6ba0f435] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:58:42.254+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1624049094c0045d91c6ba0f435-94ebd51e24d83f20] o.s.security.web.FilterChainProxy : Secured GET 
/actuator/health -2025-09-04T20:58:42.259+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1624049094c0045d91c6ba0f435-94ebd51e24d83f20] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:58:52.262+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e16c4447ccce2bed3dcec73c0c6f-2bed3dcec73c0c6f] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:58:52.263+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e16c4447ccce2bed3dcec73c0c6f-0d46d301e2fc95ee] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:58:52.267+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e16c4447ccce2bed3dcec73c0c6f-0d46d301e2fc95ee] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:59:02.270+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e176c439daf447a1e641488512f1-47a1e641488512f1] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:59:02.270+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e176c439daf447a1e641488512f1-93124983522bf787] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:59:02.275+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e176c439daf447a1e641488512f1-93124983522bf787] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:59:12.279+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e180fb3266158cc74d4ac6d8a67d-8cc74d4ac6d8a67d] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:59:12.284+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e180fb3266158cc74d4ac6d8a67d-1cc02511ece31c31] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:59:12.289+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] 
[68b9e180fb3266158cc74d4ac6d8a67d-1cc02511ece31c31] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:59:13.315+02:00 WARN 183709 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Spans were dropped due to exceptions. All subsequent errors will be logged at FINE level. -2025-09-04T20:59:13.315+02:00 WARN 183709 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Dropped 5 spans due to ConnectException() - -java.net.ConnectException: null - at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:955) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133) ~[java.net.http:na] - at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.ZipkinHttpClientSender.postSpans(ZipkinHttpClientSender.java:60) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5] - at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:69) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5] - at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:41) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5] - at zipkin2.reporter.BaseHttpSender.send(BaseHttpSender.java:123) ~[zipkin-reporter-3.5.1.jar:na] - at zipkin2.reporter.internal.AsyncReporter$BoundedAsyncReporter.flush(AsyncReporter.java:266) ~[zipkin-reporter-3.5.1.jar:na] - at zipkin2.reporter.internal.AsyncReporter$Flusher.run(AsyncReporter.java:352) ~[zipkin-reporter-3.5.1.jar:na] - at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na] -Caused by: java.net.ConnectException: null - at java.net.http/jdk.internal.net.http.common.Utils.toConnectException(Utils.java:1066) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:227) ~[java.net.http:na] - at 
java.net.http/jdk.internal.net.http.PlainHttpConnection.checkRetryConnect(PlainHttpConnection.java:280) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$2(PlainHttpConnection.java:238) ~[java.net.http:na] - at java.base/java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:934) ~[na:na] - at java.base/java.util.concurrent.CompletableFuture$UniHandle.tryFire(CompletableFuture.java:911) ~[na:na] - at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) ~[na:na] - at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773) ~[na:na] - at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[na:na] - at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[na:na] - ... 1 common frames omitted -Caused by: java.nio.channels.ClosedChannelException: null - at java.base/sun.nio.ch.SocketChannelImpl.ensureOpen(SocketChannelImpl.java:202) ~[na:na] - at java.base/sun.nio.ch.SocketChannelImpl.beginConnect(SocketChannelImpl.java:786) ~[na:na] - at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:874) ~[na:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$1(PlainHttpConnection.java:210) ~[java.net.http:na] - at java.base/java.security.AccessController.doPrivileged(AccessController.java:571) ~[na:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:212) ~[java.net.http:na] - ... 
9 common frames omitted - -2025-09-04T20:59:22.291+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e18a9e28f5e2ccca7922401fc8d1-ccca7922401fc8d1] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:59:22.292+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e18a9e28f5e2ccca7922401fc8d1-99496e8f69bf1583] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:59:22.295+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e18a9e28f5e2ccca7922401fc8d1-99496e8f69bf1583] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:59:32.297+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1948fcef4dba1e1cfccd25f9a13-a1e1cfccd25f9a13] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:59:32.298+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1948fcef4dba1e1cfccd25f9a13-78716ace548dbbf9] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:59:32.302+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1948fcef4dba1e1cfccd25f9a13-78716ace548dbbf9] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:59:42.305+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e19e683941ca28347d49a6ff6b03-28347d49a6ff6b03] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:59:42.306+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e19e683941ca28347d49a6ff6b03-6977c89c3c8650c2] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:59:42.310+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e19e683941ca28347d49a6ff6b03-6977c89c3c8650c2] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:59:52.313+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] 
[68b9e1a8857f9ac5c0cf930bb7e15570-c0cf930bb7e15570] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:59:52.314+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e1a8857f9ac5c0cf930bb7e15570-8570cd8c9393e4f1] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T20:59:52.318+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e1a8857f9ac5c0cf930bb7e15570-8570cd8c9393e4f1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:00:02.321+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e1b2ca7a74741609eec10dbf9ee2-1609eec10dbf9ee2] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:00:02.322+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e1b2ca7a74741609eec10dbf9ee2-a3e77a85234aedac] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:00:02.325+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e1b2ca7a74741609eec10dbf9ee2-a3e77a85234aedac] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:00:12.328+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1bc690844feb39b116b731e82f3-b39b116b731e82f3] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:00:12.329+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1bc690844feb39b116b731e82f3-7d9c5eaec1a67c70] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:00:12.333+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-4] [68b9e1bc690844feb39b116b731e82f3-7d9c5eaec1a67c70] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:00:22.335+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1c64a9733e8f3ea9601d1032fcc-f3ea9601d1032fcc] o.s.security.web.FilterChainProxy : Securing GET /actuator/health 
-2025-09-04T21:00:22.336+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1c64a9733e8f3ea9601d1032fcc-b4965efbce78d031] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:00:22.340+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-5] [68b9e1c64a9733e8f3ea9601d1032fcc-b4965efbce78d031] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:00:32.343+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e1d05d17b5553f9ca01f11705bad-3f9ca01f11705bad] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:00:32.344+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e1d05d17b5553f9ca01f11705bad-178665236cbe5b61] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:00:32.347+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-6] [68b9e1d05d17b5553f9ca01f11705bad-178665236cbe5b61] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:00:42.349+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1da02346918c3973dd9878bedde-c3973dd9878bedde] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:00:42.350+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1da02346918c3973dd9878bedde-f7ad900cd9688445] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:00:42.353+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-7] [68b9e1da02346918c3973dd9878bedde-f7ad900cd9688445] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:00:52.356+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e1e47ed0f9d144664ac5eb16fbc2-44664ac5eb16fbc2] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:00:52.357+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] 
[68b9e1e47ed0f9d144664ac5eb16fbc2-f6dcd996ffb01425] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:00:52.361+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-8] [68b9e1e47ed0f9d144664ac5eb16fbc2-f6dcd996ffb01425] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:01:02.363+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1eeebbbc4c2e5eb008461fd47ff-e5eb008461fd47ff] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:01:02.364+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1eeebbbc4c2e5eb008461fd47ff-691b8fbe1229fc5d] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:01:02.368+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-9] [68b9e1eeebbbc4c2e5eb008461fd47ff-691b8fbe1229fc5d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:01:12.371+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1f889565e54c45704a85cfa2d75-c45704a85cfa2d75] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:01:12.372+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1f889565e54c45704a85cfa2d75-41b325c36c634e6b] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:01:12.375+02:00 DEBUG 183709 --- [auth-server] [-auto-1-exec-10] [68b9e1f889565e54c45704a85cfa2d75-41b325c36c634e6b] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:01:22.378+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e202af887ba74a7a58dde51d0f14-4a7a58dde51d0f14] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:01:22.378+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e202af887ba74a7a58dde51d0f14-f97bd9043bfd681e] o.s.security.web.FilterChainProxy : Secured GET /actuator/health 
-2025-09-04T21:01:22.382+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-1] [68b9e202af887ba74a7a58dde51d0f14-f97bd9043bfd681e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:01:32.384+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e20cb342428459f6c719806e348c-59f6c719806e348c] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:01:32.385+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e20cb342428459f6c719806e348c-7c09588e7950bea4] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:01:32.389+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-2] [68b9e20cb342428459f6c719806e348c-7c09588e7950bea4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T21:01:42.392+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e216f82ace0697a402ccbab341f4-97a402ccbab341f4] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T21:01:42.392+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e216f82ace0697a402ccbab341f4-78393ed67290c19e] o.s.security.web.FilterChainProxy : Secured GET /actuator/health -2025-09-04T21:01:42.396+02:00 DEBUG 183709 --- [auth-server] [o-auto-1-exec-3] [68b9e216f82ace0697a402ccbab341f4-78393ed67290c19e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext diff --git a/auth-server.log b/auth-server.log deleted file mode 100644 index 73b34106..00000000 --- a/auth-server.log +++ /dev/null 
@@ -1,125 +0,0 @@ -nohup: Eingabe wird ignoriert -To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/9.0.0/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation. -Daemon will be stopped at the end of the build -Type-safe project accessors is an incubating feature. -> Task :core:core-domain:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :infrastructure:auth:auth-client:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :platform:platform-dependencies:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :infrastructure:auth:auth-server:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :core:core-utils:checkKotlinGradlePluginConfigurationErrors SKIPPED -> Task :core:core-utils:jvmProcessResources NO-SOURCE -> Task :infrastructure:auth:auth-client:processResources NO-SOURCE -> Task :core:core-utils:processJvmMainResources SKIPPED -> Task :platform:platform-dependencies:compileKotlin NO-SOURCE -> Task :platform:platform-dependencies:compileJava NO-SOURCE -> Task :platform:platform-dependencies:processResources NO-SOURCE -> Task :platform:platform-dependencies:classes UP-TO-DATE -> Task :infrastructure:auth:auth-server:processResources UP-TO-DATE -> Task :platform:platform-dependencies:jar UP-TO-DATE -> Task :core:core-domain:compileKotlinJvm UP-TO-DATE -> Task :core:core-domain:compileJvmMainJava NO-SOURCE -> Task :core:core-domain:jvmProcessResources NO-SOURCE -> Task :core:core-domain:processJvmMainResources SKIPPED -> Task :core:core-domain:jvmMainClasses UP-TO-DATE -> Task :core:core-domain:jvmJar UP-TO-DATE -> Task :core:core-utils:compileKotlinJvm UP-TO-DATE -> Task :core:core-utils:compileJvmMainJava NO-SOURCE -> Task :core:core-utils:jvmMainClasses UP-TO-DATE -> Task :core:core-utils:jvmJar UP-TO-DATE -> Task :infrastructure:auth:auth-client:compileKotlin UP-TO-DATE -> Task 
:infrastructure:auth:auth-client:compileJava NO-SOURCE -> Task :infrastructure:auth:auth-client:classes UP-TO-DATE -> Task :infrastructure:auth:auth-client:jar UP-TO-DATE -> Task :infrastructure:auth:auth-server:compileKotlin UP-TO-DATE -> Task :infrastructure:auth:auth-server:compileJava NO-SOURCE -> Task :infrastructure:auth:auth-server:classes UP-TO-DATE -> Task :infrastructure:auth:auth-server:resolveMainClassName UP-TO-DATE - -> Task :infrastructure:auth:auth-server:bootRun - - . ____ _ __ _ _ - /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ -( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ - \\/ ___)| |_)| | | | | || (_| | ) ) ) ) - ' |____| .__|_| |_|_| |_\__, | / / / / - =========|_|==============|___/=/_/_/_/ - - :: Spring Boot :: (v3.5.5) - -2025-09-04T20:54:29.272+02:00 INFO 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Starting AuthServerApplicationKt using Java 21.0.8 with PID 180100 (/home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server/build/classes/kotlin/main started by stefan-mo in /home/stefan-mo/WsMeldestelle/Meldestelle/infrastructure/auth/auth-server) -2025-09-04T20:54:29.274+02:00 DEBUG 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Running with Spring Boot v3.5.5, Spring v6.2.10 -2025-09-04T20:54:29.275+02:00 INFO 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : No active profile set, falling back to 1 default profile: "default" -2025-09-04T20:54:30.158+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.cloud.context.scope.GenericScope : BeanFactory id=805ebb45-6a2f-3494-8e7a-1901c257e268 -2025-09-04T20:54:30.357+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 0 (http) -2025-09-04T20:54:30.368+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.apache.catalina.core.StandardService : Starting service [Tomcat] -2025-09-04T20:54:30.369+02:00 INFO 180100 --- [auth-server] [ main] [ ] 
o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.44] -2025-09-04T20:54:30.412+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext -2025-09-04T20:54:30.413+02:00 INFO 180100 --- [auth-server] [ main] [ ] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1106 ms -[SECURITY WARNING] Using default JWT secret – DO NOT use this in production! -2025-09-04T20:54:31.342+02:00 DEBUG 180100 --- [auth-server] [ main] [ ] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null. -2025-09-04T20:54:31.406+02:00 DEBUG 180100 --- [auth-server] [ main] [ ] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with filters: DisableEncodeUrlFilter, WebAsyncManagerIntegrationFilter, SecurityContextHolderFilter, HeaderWriterFilter, CsrfFilter, LogoutFilter, BearerTokenAuthenticationFilter, AuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, ExceptionTranslationFilter, AuthorizationFilter -2025-09-04T20:54:31.421+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoints beneath base path '/actuator' -2025-09-04T20:54:31.515+02:00 WARN 180100 --- [auth-server] [ main] [ ] iguration$LoadBalancerCaffeineWarnLogger : Spring Cloud LoadBalancer is currently working with the default cache. While this cache implementation is useful for development and tests, it's recommended to use Caffeine cache in production.You can switch to using Caffeine cache, by adding it and org.springframework.cache.caffeine.CaffeineCacheManager to the classpath. 
-2025-09-04T20:54:31.568+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 39071 (http) with context path '/' -2025-09-04T20:54:31.570+02:00 INFO 180100 --- [auth-server] [ main] [ ] o.s.c.c.s.ConsulServiceRegistry : Registering service with consul: NewService{id='auth-server-0', name='auth-server', tags=[], address='10.0.0.18', meta={secure=false}, port=39071, enableTagOverride=null, check=Check{script='null', dockerContainerID='null', shell='null', interval='10s', ttl='null', http='http://10.0.0.18:39071/actuator/health', method='null', header={}, tcp='null', timeout='null', deregisterCriticalServiceAfter='null', tlsSkipVerify=null, status='null', grpc='null', grpcUseTLS=null}, checks=null} -2025-09-04T20:54:31.623+02:00 INFO 180100 --- [auth-server] [ main] [ ] a.m.i.auth.AuthServerApplicationKt : Started AuthServerApplicationKt in 2.655 seconds (process running for 2.978) -2025-09-04T20:54:34.806+02:00 INFO 180100 --- [auth-server] [o-auto-1-exec-1] [ ] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet' -2025-09-04T20:54:34.806+02:00 INFO 180100 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' -2025-09-04T20:54:34.808+02:00 INFO 180100 --- [auth-server] [o-auto-1-exec-1] [ ] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms -2025-09-04T20:54:34.827+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e06ab81d812d567347b316402ba5-567347b316402ba5] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:54:34.838+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e06ab81d812d567347b316402ba5-b753b7538420bbf3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:54:44.851+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] 
[68b9e074c2af6910cc4b16de7c5daa44-cc4b16de7c5daa44] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:54:44.852+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e074c2af6910cc4b16de7c5daa44-4670a27276f588d2] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:54:54.857+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-3] [68b9e07e18e2d53578899edab52eedda-78899edab52eedda] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:54:54.859+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-3] [68b9e07e18e2d53578899edab52eedda-ea5ed6b01f42e1c5] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:54:55.900+02:00 WARN 180100 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Spans were dropped due to exceptions. All subsequent errors will be logged at FINE level. -2025-09-04T20:54:55.900+02:00 WARN 180100 --- [auth-server] [/api/v2/spans}}] [ ] z.r.i.AsyncReporter$BoundedAsyncReporter : Dropped 4 spans due to ConnectException() - -java.net.ConnectException: null - at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:955) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133) ~[java.net.http:na] - at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.ZipkinHttpClientSender.postSpans(ZipkinHttpClientSender.java:60) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5] - at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:69) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5] - at org.springframework.boot.actuate.autoconfigure.tracing.zipkin.HttpSender.postSpans(HttpSender.java:41) ~[spring-boot-actuator-autoconfigure-3.5.5.jar:3.5.5] - at zipkin2.reporter.BaseHttpSender.send(BaseHttpSender.java:123) 
~[zipkin-reporter-3.5.1.jar:na] - at zipkin2.reporter.internal.AsyncReporter$BoundedAsyncReporter.flush(AsyncReporter.java:266) ~[zipkin-reporter-3.5.1.jar:na] - at zipkin2.reporter.internal.AsyncReporter$Flusher.run(AsyncReporter.java:352) ~[zipkin-reporter-3.5.1.jar:na] - at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na] -Caused by: java.net.ConnectException: null - at java.net.http/jdk.internal.net.http.common.Utils.toConnectException(Utils.java:1066) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:227) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.checkRetryConnect(PlainHttpConnection.java:280) ~[java.net.http:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$2(PlainHttpConnection.java:238) ~[java.net.http:na] - at java.base/java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:934) ~[na:na] - at java.base/java.util.concurrent.CompletableFuture$UniHandle.tryFire(CompletableFuture.java:911) ~[na:na] - at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) ~[na:na] - at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773) ~[na:na] - at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[na:na] - at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[na:na] - ... 
1 common frames omitted -Caused by: java.nio.channels.ClosedChannelException: null - at java.base/sun.nio.ch.SocketChannelImpl.ensureOpen(SocketChannelImpl.java:202) ~[na:na] - at java.base/sun.nio.ch.SocketChannelImpl.beginConnect(SocketChannelImpl.java:786) ~[na:na] - at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:874) ~[na:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$1(PlainHttpConnection.java:210) ~[java.net.http:na] - at java.base/java.security.AccessController.doPrivileged(AccessController.java:571) ~[na:na] - at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:212) ~[java.net.http:na] - ... 9 common frames omitted - -2025-09-04T20:54:55.957+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-4] [68b9e07fd3915fc050ac853ad7cb2509-50ac853ad7cb2509] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:54:55.958+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-4] [68b9e07fd3915fc050ac853ad7cb2509-e16aa32d5fdf3d31] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:54:55.967+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-4] [68b9e07fd3915fc050ac853ad7cb2509-d0ddfc80742273ed] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:39071/actuator/health?continue to session -2025-09-04T20:55:04.867+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-6] [68b9e08839274bcbc77904d7c8f2e483-c77904d7c8f2e483] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:55:04.868+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-6] [68b9e08839274bcbc77904d7c8f2e483-9bb9848c518a792d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:55:14.872+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-7] [68b9e092339fa29e2ac7441cf39d0cf9-2ac7441cf39d0cf9] 
o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:55:14.874+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-7] [68b9e092339fa29e2ac7441cf39d0cf9-3d19a1baf3d5aa0d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:55:24.879+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-8] [68b9e09ce7a919dae371b9bcde99c81d-e371b9bcde99c81d] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:55:24.880+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-8] [68b9e09ce7a919dae371b9bcde99c81d-0ce6e2b8eba0d634] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:55:34.885+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-9] [68b9e0a6e050dbbeba1b138422eb0531-ba1b138422eb0531] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:55:34.886+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-9] [68b9e0a6e050dbbeba1b138422eb0531-f030d9e5a078237d] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:55:44.891+02:00 DEBUG 180100 --- [auth-server] [-auto-1-exec-10] [68b9e0b0f185ce98140e1282ccfe8ede-140e1282ccfe8ede] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:55:44.892+02:00 DEBUG 180100 --- [auth-server] [-auto-1-exec-10] [68b9e0b0f185ce98140e1282ccfe8ede-8706afb37cdb9409] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext -2025-09-04T20:55:54.896+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e0ba032915da05cf4cf6adb72a28-05cf4cf6adb72a28] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:55:54.897+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-1] [68b9e0ba032915da05cf4cf6adb72a28-1ba3f6466fde237e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous 
SecurityContext -2025-09-04T20:56:04.901+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e0c45d2812940176614389066961-0176614389066961] o.s.security.web.FilterChainProxy : Securing GET /actuator/health -2025-09-04T20:56:04.902+02:00 DEBUG 180100 --- [auth-server] [o-auto-1-exec-2] [68b9e0c45d2812940176614389066961-0b60ba7403c1654e] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext diff --git a/config/.env.dev b/config/.env.dev new file mode 100644 index 00000000..6049aa26 --- /dev/null +++ b/config/.env.dev 
@@ -0,0 +1,163 @@
+# =============================================================================
+# Meldestelle - Development Environment Configuration
+# =============================================================================
+# Development-specific environment variables
+# =============================================================================
+
+# =============================================================================
+# 1. APPLICATION CONFIGURATION
+# =============================================================================
+APP_NAME=Meldestelle
+APP_VERSION=1.0.0
+APP_DESCRIPTION='Pferdesport Meldestelle System'
+APP_ENVIRONMENT=development
+APP_HOST=0.0.0.0
+
+# Development-specific settings
+DEBUG_MODE=true
+DEV_HOT_RELOAD=true
+
+# =============================================================================
+# 2. PORT MANAGEMENT
+# =============================================================================
+# Gateway Ports
+GATEWAY_PORT=8081
+GATEWAY_ADMIN_PORT=8080
+
+# Service Ports
+PING_SERVICE_PORT=8082
+MEMBERS_SERVICE_PORT=8083
+HORSES_SERVICE_PORT=8084
+EVENTS_SERVICE_PORT=8085
+MASTERDATA_SERVICE_PORT=8086
+AUTH_SERVICE_PORT=8087
+
+# Infrastructure Ports
+CONSUL_PORT=8500
+REDIS_PORT=6379
+KAFKA_PORT=9092
+PROMETHEUS_PORT=9090
+GRAFANA_PORT=3000
+
+# =============================================================================
+# 3. DATABASE CONFIGURATION
+# =============================================================================
+DB_HOST=localhost
+DB_PORT=5432
+DB_NAME=meldestelle
+DB_USER=meldestelle
+DB_PASSWORD=meldestelle
+DB_MAX_POOL_SIZE=10
+DB_MIN_POOL_SIZE=5
+DB_AUTO_MIGRATE=true
+
+POSTGRES_USER=meldestelle
+POSTGRES_PASSWORD=meldestelle
+POSTGRES_DB=meldestelle
+POSTGRES_EXTERNAL_PORT=5432
+
+# =============================================================================
+# 4. REDIS CONFIGURATION
+# =============================================================================
+REDIS_EVENT_STORE_HOST=localhost
+REDIS_EVENT_STORE_PORT=6379
+REDIS_EVENT_STORE_PASSWORD=
+REDIS_EVENT_STORE_DATABASE=0
+REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
+REDIS_EVENT_STORE_READ_TIMEOUT=2000
+REDIS_EVENT_STORE_USE_POOLING=true
+REDIS_EVENT_STORE_MAX_POOL_SIZE=8
+REDIS_EVENT_STORE_MIN_POOL_SIZE=2
+
+REDIS_CACHE_HOST=localhost
+REDIS_CACHE_PORT=6379
+REDIS_CACHE_PASSWORD=
+REDIS_CACHE_DATABASE=1
+
+REDIS_EXTERNAL_PORT=6379
+REDIS_PASSWORD=
+
+# =============================================================================
+# 5. SECURITY CONFIGURATION
+# =============================================================================
+JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
+JWT_ISSUER=meldestelle-api
+JWT_AUDIENCE=meldestelle-clients
+JWT_REALM=meldestelle
+API_KEY=meldestelle-api-key-for-development
+
+# =============================================================================
+# 6. KEYCLOAK CONFIGURATION
+# =============================================================================
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+KC_DB=postgres
+KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
+KC_DB_USERNAME=meldestelle
+KC_DB_PASSWORD=meldestelle
+KC_HOSTNAME=auth.meldestelle.local
+
+# =============================================================================
+# 7. SERVICE DISCOVERY
+# =============================================================================
+CONSUL_HOST=consul
+CONSUL_ENABLED=true
+SERVICE_DISCOVERY_ENABLED=true
+SERVICE_DISCOVERY_REGISTER_SERVICES=true
+SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
+SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
+
+# =============================================================================
+# 8. MESSAGING (Kafka)
+# =============================================================================
+ZOOKEEPER_CLIENT_PORT=2181
+KAFKA_BROKER_ID=1
+KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
+KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
+KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
+KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
+
+# =============================================================================
+# 9. MONITORING
+# =============================================================================
+GF_SECURITY_ADMIN_USER=admin
+GF_SECURITY_ADMIN_PASSWORD=admin
+GF_USERS_ALLOW_SIGN_UP=false
+
+METRICS_AUTH_USERNAME=admin
+METRICS_AUTH_PASSWORD=metrics
+
+GRAFANA_HOSTNAME=grafana.meldestelle.local
+PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
+
+# =============================================================================
+# 10. LOGGING CONFIGURATION
+# =============================================================================
+LOGGING_LEVEL=DEBUG
+LOGGING_REQUESTS=true
+LOGGING_RESPONSES=true
+LOGGING_REQUEST_HEADERS=true
+LOGGING_REQUEST_BODY=true
+LOGGING_RESPONSE_HEADERS=true
+LOGGING_RESPONSE_BODY=true
+LOGGING_STRUCTURED=true
+LOGGING_CORRELATION_ID=true
+LOGGING_REQUEST_ID_HEADER=X-Request-ID
+
+# =============================================================================
+# 11. CORS AND RATE LIMITING
+# =============================================================================
+SERVER_CORS_ENABLED=true
+SERVER_CORS_ALLOWED_ORIGINS=*
+RATELIMIT_ENABLED=true
+RATELIMIT_GLOBAL_LIMIT=100
+RATELIMIT_GLOBAL_PERIOD_MINUTES=1
+RATELIMIT_INCLUDE_HEADERS=true
+
+# =============================================================================
+# 12. SPRING PROFILES AND GATEWAY
+# =============================================================================
+SPRING_PROFILES_ACTIVE=dev
+GATEWAY_ADMIN_USER=admin
+GATEWAY_ADMIN_PASSWORD=admin
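Review bot: `LOGGING_REQUEST_HEADERS=true`, `LOGGING_REQUEST_BODY=true` and `LOGGING_RESPONSE_BODY=true` in section 10 of `config/.env.dev` are risky defaults for a stack that includes an auth server and Keycloak. If these switches log raw headers and bodies (their consumer is not in this hunk), `Authorization` headers, login passwords and issued tokens end up in the log files. This same commit deletes `auth-server.log` files that had been committed, so logs from this setup do reach the repository. I would default them to off and let a developer opt in locally: `LOGGING_REQUEST_HEADERS=false`, `LOGGING_REQUEST_BODY=false`, `LOGGING_RESPONSE_BODY=false`, with a one-line comment above them saying that header and body logging can capture credentials and should only be enabled temporarily.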
diff --git a/.env.prod.example b/config/.env.prod
similarity index 51%
rename from .env.prod.example
rename to config/.env.prod
index b7d1c167..6dc55366 100644
--- a/.env.prod.example
+++ b/config/.env.prod
@@ -1,64 +1,65 @@ # ============================================================================= -# Meldestelle - Production Environment Variables Template +# Meldestelle - Production Environment Configuration # ============================================================================= -# This file contains all necessary environment variables for running the -# Meldestelle application in a PRODUCTION environment. -# -# IMPORTANT SECURITY NOTES: -# - Copy this file to .env.prod and fill in actual production values -# - NEVER commit .env.prod to version control -# - Use strong, randomly generated passwords -# - Rotate secrets regularly -# - Store secrets securely (e.g., using secret management systems) +# Production-specific environment variables +# IMPORTANT: Change all CHANGE_ME values before deployment! # ============================================================================= # ============================================================================= -# APPLICATION CONFIGURATION +# 1. APPLICATION CONFIGURATION # ============================================================================= - -# Server Configuration -API_HOST=0.0.0.0 -API_PORT=8081 - -# Application Information APP_NAME=Meldestelle APP_VERSION=1.0.0 APP_DESCRIPTION='Pferdesport Meldestelle System' - -# Environment APP_ENVIRONMENT=production +APP_HOST=0.0.0.0 + +# Production settings +DEBUG_MODE=false +DEV_HOT_RELOAD=false # ============================================================================= -# DATABASE CONFIGURATION (PostgreSQL) +# 2. 
PORT MANAGEMENT # ============================================================================= +# Gateway Ports +GATEWAY_PORT=8081 +GATEWAY_ADMIN_PORT=8080 -# Database Connection +# Service Ports +PING_SERVICE_PORT=8082 +MEMBERS_SERVICE_PORT=8083 +HORSES_SERVICE_PORT=8084 +EVENTS_SERVICE_PORT=8085 +MASTERDATA_SERVICE_PORT=8086 +AUTH_SERVICE_PORT=8087 + +# Infrastructure Ports +CONSUL_PORT=8500 +REDIS_PORT=6379 +KAFKA_PORT=9092 +PROMETHEUS_PORT=9090 +GRAFANA_PORT=3000 + +# ============================================================================= +# 3. DATABASE CONFIGURATION +# ============================================================================= DB_HOST=postgres DB_PORT=5432 DB_NAME=meldestelle_prod DB_USER=meldestelle_prod -# CHANGE THIS: Use a strong, randomly generated password DB_PASSWORD=CHANGE_ME_STRONG_DB_PASSWORD_HERE - -# Connection Pool Settings DB_MAX_POOL_SIZE=20 DB_MIN_POOL_SIZE=10 DB_AUTO_MIGRATE=false -# PostgreSQL Docker Service Configuration POSTGRES_USER=meldestelle_prod -# CHANGE THIS: Use the same strong password as DB_PASSWORD POSTGRES_PASSWORD=CHANGE_ME_STRONG_DB_PASSWORD_HERE POSTGRES_DB=meldestelle_prod +POSTGRES_EXTERNAL_PORT=5432 # ============================================================================= -# REDIS CONFIGURATION +# 4. REDIS CONFIGURATION # ============================================================================= - -# CHANGE THIS: Use a strong, randomly generated password -REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE - -# Redis Event Store Configuration REDIS_EVENT_STORE_HOST=redis REDIS_EVENT_STORE_PORT=6379 REDIS_EVENT_STORE_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE 
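Review bot: The new header of `config/.env.prod` no longer says the file is a template, and the file is now tracked under the real name; the removed lines `Copy this file to .env.prod and fill in actual production values` and `NEVER commit .env.prod to version control` were the only guard visible here against committing real secrets. The obvious way to deploy is now to replace the `CHANGE_ME_…` values in place, after which `DB_PASSWORD` and `POSTGRES_PASSWORD` land in git history. I would keep the tracked file named as a template (for example `config/.env.prod.example`), ignore the filled-in copy, and keep a header line such as `# Template only: copy to an untracked file, never commit real values`. Whether `.gitignore` or `scripts/validation/validate-env.sh` already covers this is not visible in this hunk; a check that fails on any value still starting with `CHANGE_ME` would also catch the opposite mistake of deploying the placeholders.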
@@ -68,188 +69,96 @@ REDIS_EVENT_STORE_READ_TIMEOUT=5000 REDIS_EVENT_STORE_USE_POOLING=true REDIS_EVENT_STORE_MAX_POOL_SIZE=20 REDIS_EVENT_STORE_MIN_POOL_SIZE=5 -REDIS_EVENT_STORE_CONSUMER_GROUP=event-processors-prod -REDIS_EVENT_STORE_CONSUMER_NAME=event-consumer-prod -REDIS_EVENT_STORE_STREAM_PREFIX=event-stream: -REDIS_EVENT_STORE_ALL_EVENTS_STREAM=all-events -REDIS_EVENT_STORE_CLAIM_IDLE_TIMEOUT=PT5M -REDIS_EVENT_STORE_POLL_TIMEOUT=PT1S -REDIS_EVENT_STORE_MAX_BATCH_SIZE=50 -REDIS_EVENT_STORE_CREATE_CONSUMER_GROUP_IF_NOT_EXISTS=true -# Redis Cache Configuration REDIS_CACHE_HOST=redis REDIS_CACHE_PORT=6379 REDIS_CACHE_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE REDIS_CACHE_DATABASE=1 -REDIS_CACHE_CONNECTION_TIMEOUT=5000 -REDIS_CACHE_READ_TIMEOUT=5000 + +REDIS_EXTERNAL_PORT=6379 +REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE # ============================================================================= -# SECURITY CONFIGURATION +# 5. SECURITY CONFIGURATION # ============================================================================= - -# JWT Configuration -# CHANGE THIS: Use a strong, randomly generated secret (at least 256 bits) JWT_SECRET=CHANGE_ME_STRONG_JWT_SECRET_AT_LEAST_256_BITS_HERE JWT_ISSUER=meldestelle-api-prod JWT_AUDIENCE=meldestelle-clients-prod JWT_REALM=meldestelle-prod - -# API Key for internal services -# CHANGE THIS: Use a strong, randomly generated API key API_KEY=CHANGE_ME_STRONG_API_KEY_HERE # ============================================================================= -# KEYCLOAK CONFIGURATION +# 6. 
KEYCLOAK CONFIGURATION # ============================================================================= - -# Keycloak Admin Configuration -# CHANGE THIS: Use strong admin credentials KEYCLOAK_ADMIN=CHANGE_ME_ADMIN_USERNAME KEYCLOAK_ADMIN_PASSWORD=CHANGE_ME_STRONG_ADMIN_PASSWORD_HERE - -# Keycloak Hostname (your production domain) -KC_HOSTNAME=auth.yourdomain.com - -# Keycloak Database Configuration KC_DB=postgres KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak_prod KC_DB_USERNAME=keycloak_prod -# CHANGE THIS: Use a strong password for Keycloak DB user KC_DB_PASSWORD=CHANGE_ME_STRONG_KEYCLOAK_DB_PASSWORD_HERE +KC_HOSTNAME=auth.yourdomain.com # ============================================================================= -# SERVICE DISCOVERY CONFIGURATION +# 7. SERVICE DISCOVERY # ============================================================================= - -# Consul Configuration (if used) CONSUL_HOST=consul -CONSUL_PORT=8500 - -# Service Discovery Settings +CONSUL_ENABLED=true SERVICE_DISCOVERY_ENABLED=true SERVICE_DISCOVERY_REGISTER_SERVICES=true SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=30 # ============================================================================= -# MESSAGING CONFIGURATION (Kafka) +# 8. MESSAGING (Kafka) # ============================================================================= - -# Zookeeper Configuration ZOOKEEPER_CLIENT_PORT=2181 - -# Kafka Configuration KAFKA_BROKER_ID=1 KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181 +KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092 +KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT +KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT +KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 # ============================================================================= -# MONITORING CONFIGURATION +# 9. 
MONITORING # ============================================================================= - -# Grafana Configuration -# CHANGE THIS: Use strong admin credentials GF_SECURITY_ADMIN_USER=CHANGE_ME_GRAFANA_ADMIN_USERNAME GF_SECURITY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GRAFANA_PASSWORD_HERE +GF_USERS_ALLOW_SIGN_UP=false -# Grafana Hostname (your production domain) -GRAFANA_HOSTNAME=monitoring.yourdomain.com - -# Prometheus Hostname (your production domain) -PROMETHEUS_HOSTNAME=metrics.yourdomain.com - -# Metrics Authentication -# CHANGE THIS: Use strong credentials for metrics endpoints METRICS_AUTH_USERNAME=CHANGE_ME_METRICS_USERNAME METRICS_AUTH_PASSWORD=CHANGE_ME_STRONG_METRICS_PASSWORD_HERE -# ============================================================================= -# LOGGING CONFIGURATION -# ============================================================================= +GRAFANA_HOSTNAME=monitoring.yourdomain.com +PROMETHEUS_HOSTNAME=metrics.yourdomain.com -# Logging Level (INFO or WARN for production) +# ============================================================================= +# 10. LOGGING CONFIGURATION +# ============================================================================= LOGGING_LEVEL=INFO - -# Request/Response Logging (disable sensitive data logging in production) LOGGING_REQUESTS=false LOGGING_RESPONSES=false LOGGING_REQUEST_HEADERS=false LOGGING_REQUEST_BODY=false LOGGING_RESPONSE_HEADERS=false LOGGING_RESPONSE_BODY=false - -# Structured Logging LOGGING_STRUCTURED=true LOGGING_CORRELATION_ID=true LOGGING_REQUEST_ID_HEADER=X-Request-ID -# Log Sampling (enable for high-traffic production) -LOGGING_SAMPLING_ENABLED=true -LOGGING_SAMPLING_RATE=10 -LOGGING_SAMPLING_HIGH_TRAFFIC_THRESHOLD=1000 - # ============================================================================= -# CORS CONFIGURATION +# 11. 
CORS AND RATE LIMITING # ============================================================================= - -# CORS Settings (restrict to your production domains) SERVER_CORS_ENABLED=true SERVER_CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com - -# ============================================================================= -# RATE LIMITING CONFIGURATION -# ============================================================================= - -# Rate Limiting (more restrictive for production) RATELIMIT_ENABLED=true RATELIMIT_GLOBAL_LIMIT=1000 RATELIMIT_GLOBAL_PERIOD_MINUTES=1 RATELIMIT_INCLUDE_HEADERS=true # ============================================================================= -# PRODUCTION SPECIFIC SETTINGS -# ============================================================================= - -# Development Tools (disabled in production) -DEV_HOT_RELOAD=false -DEBUG_MODE=false - -# ============================================================================= -# SSL/TLS HOSTNAMES -# ============================================================================= -# Configure these with your actual production domain names - -# Main application hostname -APP_HOSTNAME=app.yourdomain.com - -# API hostname -API_HOSTNAME=api.yourdomain.com - -# ============================================================================= -# BACKUP AND MAINTENANCE -# ============================================================================= - -# Database backup settings -DB_BACKUP_ENABLED=true -DB_BACKUP_SCHEDULE='0 2 * * *' -DB_BACKUP_RETENTION_DAYS=30 - -# Redis backup settings -REDIS_BACKUP_ENABLED=true -REDIS_BACKUP_SCHEDULE='0 3 * * *' - -# ============================================================================= -# SECURITY NOTES -# ============================================================================= -# 1. Generate strong passwords using: openssl rand -base64 32 -# 2. Generate JWT secrets using: openssl rand -base64 64 -# 3. 
Use different passwords for each service -# 4. Store this file securely and never commit to version control -# 5. Rotate passwords regularly -# 6. Use a secret management system in production (e.g., HashiCorp Vault) -# 7. Enable audit logging for all services -# 8. Monitor for security events -# 9. Keep all services updated with security patches -# 10. Use network segmentation and firewalls +# 12. SPRING PROFILES AND GATEWAY # ============================================================================= +SPRING_PROFILES_ACTIVE=prod +GATEWAY_ADMIN_USER=CHANGE_ME_GATEWAY_ADMIN_USERNAME +GATEWAY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GATEWAY_ADMIN_PASSWORD_HERE diff --git a/config/.env.staging b/config/.env.staging new file mode 100644 index 00000000..c09a33cf --- /dev/null +++ b/config/.env.staging 
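Review bot: The Kafka lines added in section 8 of `config/.env.prod` are the development values: `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT` gives the production broker no TLS and no client authentication, and `PLAINTEXT_HOST://localhost:9092` advertises an address that only resolves correctly on the broker host itself. For production I would expect an encrypted, authenticated listener, e.g. `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:SASL_SSL` with `KAFKA_ADVERTISED_LISTENERS=INTERNAL://kafka:29092` and `KAFKA_INTER_BROKER_LISTENER_NAME=INTERNAL`, plus the keystore and JAAS settings that go with it (not part of this hunk). The same hunk also drops the closing SECURITY NOTES block, including the `openssl rand -base64 32` hint for generating secrets; a one-line pointer to where that guidance now lives (`config/README.md` is added by this commit, contents not shown here) would keep it discoverable.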
@@ -0,0 +1,163 @@
+# =============================================================================
+# Meldestelle - Staging Environment Configuration
+# =============================================================================
+# Staging-specific environment variables (production-like but for testing)
+# =============================================================================
+
+# =============================================================================
+# 1. APPLICATION CONFIGURATION
+# =============================================================================
+APP_NAME=Meldestelle
+APP_VERSION=1.0.0
+APP_DESCRIPTION='Pferdesport Meldestelle System'
+APP_ENVIRONMENT=staging
+APP_HOST=0.0.0.0
+
+# Staging settings (production-like but with some debugging)
+DEBUG_MODE=false
+DEV_HOT_RELOAD=false
+
+# =============================================================================
+# 2. PORT MANAGEMENT
+# =============================================================================
+# Gateway Ports
+GATEWAY_PORT=8081
+GATEWAY_ADMIN_PORT=8080
+
+# Service Ports
+PING_SERVICE_PORT=8082
+MEMBERS_SERVICE_PORT=8083
+HORSES_SERVICE_PORT=8084
+EVENTS_SERVICE_PORT=8085
+MASTERDATA_SERVICE_PORT=8086
+AUTH_SERVICE_PORT=8087
+
+# Infrastructure Ports
+CONSUL_PORT=8500
+REDIS_PORT=6379
+KAFKA_PORT=9092
+PROMETHEUS_PORT=9090
+GRAFANA_PORT=3000
+
+# =============================================================================
+# 3. DATABASE CONFIGURATION
+# =============================================================================
+DB_HOST=postgres
+DB_PORT=5432
+DB_NAME=meldestelle_staging
+DB_USER=meldestelle_staging
+DB_PASSWORD=staging_password_change_me
+DB_MAX_POOL_SIZE=15
+DB_MIN_POOL_SIZE=5
+DB_AUTO_MIGRATE=true
+
+POSTGRES_USER=meldestelle_staging
+POSTGRES_PASSWORD=staging_password_change_me
+POSTGRES_DB=meldestelle_staging
+POSTGRES_EXTERNAL_PORT=5432
+
+# =============================================================================
+# 4. REDIS CONFIGURATION
+# =============================================================================
+REDIS_EVENT_STORE_HOST=redis
+REDIS_EVENT_STORE_PORT=6379
+REDIS_EVENT_STORE_PASSWORD=staging_redis_password
+REDIS_EVENT_STORE_DATABASE=0
+REDIS_EVENT_STORE_CONNECTION_TIMEOUT=3000
+REDIS_EVENT_STORE_READ_TIMEOUT=3000
+REDIS_EVENT_STORE_USE_POOLING=true
+REDIS_EVENT_STORE_MAX_POOL_SIZE=15
+REDIS_EVENT_STORE_MIN_POOL_SIZE=3
+
+REDIS_CACHE_HOST=redis
+REDIS_CACHE_PORT=6379
+REDIS_CACHE_PASSWORD=staging_redis_password
+REDIS_CACHE_DATABASE=1
+
+REDIS_EXTERNAL_PORT=6379
+REDIS_PASSWORD=staging_redis_password
+
+# =============================================================================
+# 5. SECURITY CONFIGURATION
+# =============================================================================
+JWT_SECRET=staging-jwt-secret-key-not-for-production-use
+JWT_ISSUER=meldestelle-api-staging
+JWT_AUDIENCE=meldestelle-clients-staging
+JWT_REALM=meldestelle-staging
+API_KEY=staging-api-key-change-me
+
+# =============================================================================
+# 6. KEYCLOAK CONFIGURATION
+# =============================================================================
+KEYCLOAK_ADMIN=staging_admin
+KEYCLOAK_ADMIN_PASSWORD=staging_admin_password
+KC_DB=postgres
+KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak_staging
+KC_DB_USERNAME=keycloak_staging
+KC_DB_PASSWORD=staging_keycloak_password
+KC_HOSTNAME=auth-staging.meldestelle.local
+
+# =============================================================================
+# 7. SERVICE DISCOVERY
+# =============================================================================
+CONSUL_HOST=consul
+CONSUL_ENABLED=true
+SERVICE_DISCOVERY_ENABLED=true
+SERVICE_DISCOVERY_REGISTER_SERVICES=true
+SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
+SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=15
+
+# =============================================================================
+# 8. MESSAGING (Kafka)
+# =============================================================================
+ZOOKEEPER_CLIENT_PORT=2181
+KAFKA_BROKER_ID=1
+KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
+KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
+KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
+KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
+
+# =============================================================================
+# 9. MONITORING
+# =============================================================================
+GF_SECURITY_ADMIN_USER=staging_admin
+GF_SECURITY_ADMIN_PASSWORD=staging_grafana_password
+GF_USERS_ALLOW_SIGN_UP=false
+
+METRICS_AUTH_USERNAME=staging_metrics
+METRICS_AUTH_PASSWORD=staging_metrics_password
+
+GRAFANA_HOSTNAME=grafana-staging.meldestelle.local
+PROMETHEUS_HOSTNAME=prometheus-staging.meldestelle.local
+
+# =============================================================================
+# 10. LOGGING CONFIGURATION
+# =============================================================================
+LOGGING_LEVEL=INFO
+LOGGING_REQUESTS=true
+LOGGING_RESPONSES=false
+LOGGING_REQUEST_HEADERS=false
+LOGGING_REQUEST_BODY=false
+LOGGING_RESPONSE_HEADERS=false
+LOGGING_RESPONSE_BODY=false
+LOGGING_STRUCTURED=true
+LOGGING_CORRELATION_ID=true
+LOGGING_REQUEST_ID_HEADER=X-Request-ID
+
+# =============================================================================
+# 11. CORS AND RATE LIMITING
+# =============================================================================
+SERVER_CORS_ENABLED=true
+SERVER_CORS_ALLOWED_ORIGINS=https://staging.meldestelle.local,https://app-staging.meldestelle.local
+RATELIMIT_ENABLED=true
+RATELIMIT_GLOBAL_LIMIT=500
+RATELIMIT_GLOBAL_PERIOD_MINUTES=1
+RATELIMIT_INCLUDE_HEADERS=true
+
+# =============================================================================
+# 12. SPRING PROFILES AND GATEWAY
+# =============================================================================
+SPRING_PROFILES_ACTIVE=staging
+GATEWAY_ADMIN_USER=staging_gateway_admin
+GATEWAY_ADMIN_PASSWORD=staging_gateway_password
diff --git a/config/.env.template b/config/.env.template
new file mode 100644
index 00000000..dc6f7b81
--- /dev/null
+++ b/config/.env.template
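Review bot: `JWT_SECRET=staging-jwt-secret-key-not-for-production-use` and the other credentials in `config/.env.staging` (`DB_PASSWORD`, `REDIS_PASSWORD`, `KEYCLOAK_ADMIN_PASSWORD`, `GATEWAY_ADMIN_PASSWORD`) are committed as working values in a file described as production-like, so anyone who can read the repository knows the token-signing key and admin logins of any staging stack started from this file unchanged. The `config/.env.prod` lines in this commit use failing placeholders instead (`GATEWAY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GATEWAY_ADMIN_PASSWORD_HERE`); staging should follow that pattern, e.g. `JWT_SECRET=CHANGE_ME_STAGING_JWT_SECRET`, with real values injected at deploy time. If a staging environment already runs with the committed values, they should be treated as disclosed and rotated. With `APP_HOST=0.0.0.0` the remaining protection depends on the network in front of the host, which is not visible here.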
@@ -0,0 +1,178 @@
+# =============================================================================
+# Meldestelle - Umgebungsvariablen Vorlage
+# =============================================================================
+# Dies ist die SINGLE SOURCE OF TRUTH für alle Umgebungsvariablen.
+# Kopieren Sie zu .env.dev, .env.prod, .env.staging oder .env.test und anpassen.
+#
+# ⚠️ SICHERHEITSWARNUNG:
+# - Niemals Produktions-Secrets in die Versionskontrolle committen
+# - JWT_SECRET in der Produktion ändern
+# - Starke Passwörter für Produktionsumgebungen verwenden
+# - API-Schlüssel regelmäßig rotieren
+# =============================================================================
+
+# =============================================================================
+# 1. ANWENDUNGSKONFIGURATION
+# =============================================================================
+APP_NAME=Meldestelle
+APP_VERSION=1.0.0
+APP_DESCRIPTION='Pferdesport Meldestelle System'
+APP_ENVIRONMENT=development
+APP_HOST=0.0.0.0
+
+# Entwicklungsspezifische Einstellungen
+DEBUG_MODE=true
+DEV_HOT_RELOAD=true
+
+# =============================================================================
+# 2. PORT-VERWALTUNG - SINGLE SOURCE OF TRUTH
+# =============================================================================
+# Gateway Ports
+GATEWAY_PORT=8081
+GATEWAY_ADMIN_PORT=8080
+
+# Service Ports (eindeutige Zuteilung)
+PING_SERVICE_PORT=8082
+MEMBERS_SERVICE_PORT=8083
+HORSES_SERVICE_PORT=8084
+EVENTS_SERVICE_PORT=8085
+MASTERDATA_SERVICE_PORT=8086
+AUTH_SERVICE_PORT=8087
+
+# Infrastruktur Ports
+CONSUL_PORT=8500
+REDIS_PORT=6379
+KAFKA_PORT=9092
+PROMETHEUS_PORT=9090
+GRAFANA_PORT=3000
+
+# =============================================================================
+# 3. DATENBANK-KONFIGURATION (PostgreSQL)
+# =============================================================================
+# Anwendungs-Datenbankeinstellungen
+DB_HOST=localhost
+DB_PORT=5432
+DB_NAME=meldestelle
+DB_USER=meldestelle
+DB_PASSWORD=meldestelle
+DB_MAX_POOL_SIZE=10
+DB_MIN_POOL_SIZE=5
+DB_AUTO_MIGRATE=true
+
+# Docker PostgreSQL Container-Einstellungen
+POSTGRES_USER=meldestelle
+POSTGRES_PASSWORD=meldestelle
+POSTGRES_DB=meldestelle
+POSTGRES_EXTERNAL_PORT=5432
+
+# =============================================================================
+# 4. REDIS-KONFIGURATION
+# =============================================================================
+# Event Store Konfiguration
+REDIS_EVENT_STORE_HOST=localhost
+REDIS_EVENT_STORE_PORT=6379
+REDIS_EVENT_STORE_PASSWORD=
+REDIS_EVENT_STORE_DATABASE=0
+REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
+REDIS_EVENT_STORE_READ_TIMEOUT=2000
+REDIS_EVENT_STORE_USE_POOLING=true
+REDIS_EVENT_STORE_MAX_POOL_SIZE=8
+REDIS_EVENT_STORE_MIN_POOL_SIZE=2
+
+# Cache-Konfiguration
+REDIS_CACHE_HOST=localhost
+REDIS_CACHE_PORT=6379
+REDIS_CACHE_PASSWORD=
+REDIS_CACHE_DATABASE=1
+
+# Redis Docker-Einstellungen
+REDIS_EXTERNAL_PORT=6379
+REDIS_PASSWORD=
+
+# =============================================================================
+# 5. SICHERHEITSKONFIGURATION
+# =============================================================================
+JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
+JWT_ISSUER=meldestelle-api
+JWT_AUDIENCE=meldestelle-clients
+JWT_REALM=meldestelle
+API_KEY=meldestelle-api-key-for-development
+
+# =============================================================================
+# 6. KEYCLOAK CONFIGURATION
+# =============================================================================
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+KC_DB=postgres
+KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
+KC_DB_USERNAME=meldestelle
+KC_DB_PASSWORD=meldestelle
+KC_HOSTNAME=auth.meldestelle.local
+
+# =============================================================================
+# 7. SERVICE DISCOVERY (Consul)
+# =============================================================================
+CONSUL_HOST=consul
+CONSUL_ENABLED=true
+SERVICE_DISCOVERY_ENABLED=true
+SERVICE_DISCOVERY_REGISTER_SERVICES=true
+SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
+SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
+
+# =============================================================================
+# 8. MESSAGING (Kafka)
+# =============================================================================
+ZOOKEEPER_CLIENT_PORT=2181
+KAFKA_BROKER_ID=1
+KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
+KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
+KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
+KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
+
+# =============================================================================
+# 9. MONITORING
+# =============================================================================
+# Grafana Configuration
+GF_SECURITY_ADMIN_USER=admin
+GF_SECURITY_ADMIN_PASSWORD=admin
+GF_USERS_ALLOW_SIGN_UP=false
+
+# Metrics Authentication
+METRICS_AUTH_USERNAME=admin
+METRICS_AUTH_PASSWORD=metrics
+
+# Monitoring hostnames
+GRAFANA_HOSTNAME=grafana.meldestelle.local
+PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
+
+# =============================================================================
+# 10. LOGGING CONFIGURATION
+# =============================================================================
+LOGGING_LEVEL=DEBUG
+LOGGING_REQUESTS=true
+LOGGING_RESPONSES=true
+LOGGING_REQUEST_HEADERS=true
+LOGGING_REQUEST_BODY=true
+LOGGING_RESPONSE_HEADERS=true
+LOGGING_RESPONSE_BODY=true
+LOGGING_STRUCTURED=true
+LOGGING_CORRELATION_ID=true
+LOGGING_REQUEST_ID_HEADER=X-Request-ID
+
+# =============================================================================
+# 11. CORS AND RATE LIMITING
+# =============================================================================
+SERVER_CORS_ENABLED=true
+SERVER_CORS_ALLOWED_ORIGINS=*
+RATELIMIT_ENABLED=true
+RATELIMIT_GLOBAL_LIMIT=100
+RATELIMIT_GLOBAL_PERIOD_MINUTES=1
+RATELIMIT_INCLUDE_HEADERS=true
+
+# =============================================================================
+# 12. SPRING PROFILES AND GATEWAY
+# =============================================================================
+SPRING_PROFILES_ACTIVE=dev
+GATEWAY_ADMIN_USER=admin
+GATEWAY_ADMIN_PASSWORD=admin
diff --git a/config/.env.test b/config/.env.test
new file mode 100644
index 00000000..c1186e42
--- /dev/null
+++ b/config/.env.test
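Review bot: The header of `config/.env.template` tells users to copy it to `.env.prod` and `.env.staging`, yet every credential in it is a working weak default (`KEYCLOAK_ADMIN_PASSWORD=admin`, `GF_SECURITY_ADMIN_PASSWORD=admin`, `GATEWAY_ADMIN_PASSWORD=admin`, empty `REDIS_PASSWORD=`), and the warning block names only `JWT_SECRET` explicitly. An unedited or partly edited copy therefore starts cleanly with `SERVER_CORS_ALLOWED_ORIGINS=*` and with `LOGGING_REQUEST_HEADERS=true` / `LOGGING_REQUEST_BODY=true`, which would write bearer tokens and login bodies to the logs unless the application redacts them (not visible here). I would use placeholders in the template, e.g. `KEYCLOAK_ADMIN_PASSWORD=CHANGE_ME_KEYCLOAK_ADMIN_PASSWORD`, default the header and body logging switches to `false`, and keep the convenient values only in `config/.env.dev`.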
@@ -0,0 +1,163 @@
+# =============================================================================
+# Meldestelle - Test Environment Configuration
+# =============================================================================
+# Test-specific environment variables (optimized for automated testing)
+# =============================================================================
+
+# =============================================================================
+# 1. APPLICATION CONFIGURATION
+# =============================================================================
+APP_NAME=Meldestelle
+APP_VERSION=1.0.0
+APP_DESCRIPTION='Pferdesport Meldestelle System'
+APP_ENVIRONMENT=test
+APP_HOST=localhost
+
+# Test settings (fast and minimal for CI/CD)
+DEBUG_MODE=true
+DEV_HOT_RELOAD=false
+
+# =============================================================================
+# 2. PORT MANAGEMENT
+# =============================================================================
+# Gateway Ports (use different ports to avoid conflicts during parallel testing)
+GATEWAY_PORT=9081
+GATEWAY_ADMIN_PORT=9080
+
+# Service Ports
+PING_SERVICE_PORT=9082
+MEMBERS_SERVICE_PORT=9083
+HORSES_SERVICE_PORT=9084
+EVENTS_SERVICE_PORT=9085
+MASTERDATA_SERVICE_PORT=9086
+AUTH_SERVICE_PORT=9087
+
+# Infrastructure Ports
+CONSUL_PORT=9500
+REDIS_PORT=9379
+KAFKA_PORT=9092
+PROMETHEUS_PORT=9090
+GRAFANA_PORT=9000
+
+# =============================================================================
+# 3. DATABASE CONFIGURATION
+# =============================================================================
+DB_HOST=localhost
+DB_PORT=5433
+DB_NAME=meldestelle_test
+DB_USER=meldestelle_test
+DB_PASSWORD=test_password
+DB_MAX_POOL_SIZE=5
+DB_MIN_POOL_SIZE=1
+DB_AUTO_MIGRATE=true
+
+POSTGRES_USER=meldestelle_test
+POSTGRES_PASSWORD=test_password
+POSTGRES_DB=meldestelle_test
+POSTGRES_EXTERNAL_PORT=5433
+
+# =============================================================================
+# 4. REDIS CONFIGURATION
+# =============================================================================
+REDIS_EVENT_STORE_HOST=localhost
+REDIS_EVENT_STORE_PORT=9379
+REDIS_EVENT_STORE_PASSWORD=
+REDIS_EVENT_STORE_DATABASE=0
+REDIS_EVENT_STORE_CONNECTION_TIMEOUT=1000
+REDIS_EVENT_STORE_READ_TIMEOUT=1000
+REDIS_EVENT_STORE_USE_POOLING=true
+REDIS_EVENT_STORE_MAX_POOL_SIZE=3
+REDIS_EVENT_STORE_MIN_POOL_SIZE=1
+
+REDIS_CACHE_HOST=localhost
+REDIS_CACHE_PORT=9379
+REDIS_CACHE_PASSWORD=
+REDIS_CACHE_DATABASE=1
+
+REDIS_EXTERNAL_PORT=9379
+REDIS_PASSWORD=
+
+# =============================================================================
+# 5. SECURITY CONFIGURATION
+# =============================================================================
+JWT_SECRET=test-jwt-secret-key-for-testing-only
+JWT_ISSUER=meldestelle-api-test
+JWT_AUDIENCE=meldestelle-clients-test
+JWT_REALM=meldestelle-test
+API_KEY=test-api-key
+
+# =============================================================================
+# 6. KEYCLOAK CONFIGURATION
+# =============================================================================
+KEYCLOAK_ADMIN=test_admin
+KEYCLOAK_ADMIN_PASSWORD=test_password
+KC_DB=postgres
+KC_DB_URL=jdbc:postgresql://localhost:5433/keycloak_test
+KC_DB_USERNAME=keycloak_test
+KC_DB_PASSWORD=test_password
+KC_HOSTNAME=localhost
+
+# =============================================================================
+# 7. SERVICE DISCOVERY
+# =============================================================================
+CONSUL_HOST=localhost
+CONSUL_ENABLED=false
+SERVICE_DISCOVERY_ENABLED=false
+SERVICE_DISCOVERY_REGISTER_SERVICES=false
+SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
+SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=5
+
+# =============================================================================
+# 8. MESSAGING (Kafka)
+# =============================================================================
+ZOOKEEPER_CLIENT_PORT=2182
+KAFKA_BROKER_ID=1
+KAFKA_ZOOKEEPER_CONNECT=localhost:2182
+KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092
+KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT
+KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
+KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
+
+# =============================================================================
+# 9. MONITORING
+# =============================================================================
+GF_SECURITY_ADMIN_USER=test_admin
+GF_SECURITY_ADMIN_PASSWORD=test_password
+GF_USERS_ALLOW_SIGN_UP=false
+
+METRICS_AUTH_USERNAME=test_metrics
+METRICS_AUTH_PASSWORD=test_password
+
+GRAFANA_HOSTNAME=localhost
+PROMETHEUS_HOSTNAME=localhost
+
+# =============================================================================
+# 10. LOGGING CONFIGURATION
+# =============================================================================
+LOGGING_LEVEL=DEBUG
+LOGGING_REQUESTS=true
+LOGGING_RESPONSES=true
+LOGGING_REQUEST_HEADERS=true
+LOGGING_REQUEST_BODY=true
+LOGGING_RESPONSE_HEADERS=true
+LOGGING_RESPONSE_BODY=true
+LOGGING_STRUCTURED=true
+LOGGING_CORRELATION_ID=true
+LOGGING_REQUEST_ID_HEADER=X-Request-ID
+
+# =============================================================================
+# 11. CORS AND RATE LIMITING
+# =============================================================================
+SERVER_CORS_ENABLED=true
+SERVER_CORS_ALLOWED_ORIGINS=*
+RATELIMIT_ENABLED=false
+RATELIMIT_GLOBAL_LIMIT=10000
+RATELIMIT_GLOBAL_PERIOD_MINUTES=1
+RATELIMIT_INCLUDE_HEADERS=true
+
+# =============================================================================
+# 12. SPRING PROFILES AND GATEWAY
+# =============================================================================
+SPRING_PROFILES_ACTIVE=test
+GATEWAY_ADMIN_USER=test_admin
+GATEWAY_ADMIN_PASSWORD=test_password
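Review bot: `KAFKA_PORT=9092` and `PROMETHEUS_PORT=9090` in `config/.env.test` are the same values as in `config/.env.staging` and `config/.env.template`, so the comment "use different ports to avoid conflicts during parallel testing" does not hold for these two services; every other port in the file is shifted. A test stack started next to a dev stack on one host would fail to bind, or test clients could end up talking to the dev broker, depending on start order. I would give both a distinct value, for example `KAFKA_PORT=19092` with `KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:19092`, and `PROMETHEUS_PORT=19090`; how the compose files map these variables is not visible in this hunk.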
diff --git a/config/README.md b/config/README.md
new file mode 100644
index 00000000..9ce08596
--- /dev/null
+++ b/config/README.md
@@ -0,0 +1,185 @@ +# Meldestelle - Zentrale Konfigurationsverwaltung + +## Übersicht + +Dieses Verzeichnis enthält die **SINGLE SOURCE OF TRUTH** für alle Umgebungsvariablen und Konfigurationsdateien im Meldestelle-Projekt. Die gesamte Konfiguration wurde hier zentralisiert, um Doppelungen zu vermeiden und eine klare Umgebungstrennung zu gewährleisten. + +## Struktur + +``` +config/ +├── .env.template # Vorlage mit allen verfügbaren Variablen +├── .env.dev # Entwicklungsumgebung +├── .env.prod # Produktionsumgebung +├── .env.staging # Staging-Umgebung +├── .env.test # Testumgebung +├── application.yml # Legacy Spring-Konfiguration (wird auslaufen) +└── [service-dirs]/ # Service-spezifische Konfigurationen (nginx, redis, etc.) +``` + +## Umgebungsdateien + +### `.env.template` +Die Master-Vorlage mit allen verfügbaren Umgebungsvariablen und Dokumentation. Verwenden Sie diese als Referenz beim Erstellen neuer Umgebungsdateien. + +### `.env.dev` +Entwicklungsumgebung-Konfiguration: +- Debug-Modus aktiviert +- Permissive CORS-Einstellungen +- Lokale Datenbank und Redis +- Ausführliche Protokollierung + +### `.env.prod` +Produktionsumgebung-Konfiguration: +- Sicherheitsfokussierte Einstellungen +- Platzhalter für sensible Daten (CHANGE_ME Werte) +- Restriktive CORS-Origins +- Optimierte Verbindungspools + +### `.env.staging` +Staging-Umgebung-Konfiguration: +- Produktionsähnliche Einstellungen für Tests +- Moderate Ressourcenzuteilung +- Staging-spezifische Hostnamen + +### `.env.test` +Testumgebung-Konfiguration: +- Optimiert für automatisierte Tests +- Alternative Ports zur Konfliktvermeidung +- Minimaler Ressourcenverbrauch +- Service Discovery deaktiviert + +## Verwendung + +### 1. Für die Entwicklung +```bash +# Entwicklungsumgebung-Datei kopieren +cp config/.env.dev .env + +# Oder einen Symlink erstellen +ln -sf config/.env.dev .env +``` + +### 2. 
Für die Produktion +```bash +# Produktions-Vorlage kopieren und anpassen +cp config/.env.prod .env.prod + +# Alle CHANGE_ME Werte mit sicheren Zugangsdaten bearbeiten +vim .env.prod + +# Produktions-Datei verwenden +ln -sf .env.prod .env +``` + +### 3. Für Tests +```bash +# Testumgebung verwenden +ln -sf config/.env.test .env +``` + +## Struktur der Umgebungsvariablen + +Die Konfiguration ist in 12 logische Abschnitte unterteilt: + +1. **Anwendungskonfiguration** - Grundlegende App-Einstellungen +2. **Port-Verwaltung** - Alle Service-Ports an einem Ort +3. **Datenbank-Konfiguration** - PostgreSQL-Einstellungen +4. **Redis-Konfiguration** - Cache und Event Store +5. **Sicherheitskonfiguration** - JWT, API-Schlüssel +6. **Keycloak-Konfiguration** - Authentifizierungsserver +7. **Service Discovery** - Consul-Einstellungen +8. **Messaging** - Kafka-Konfiguration +9. **Überwachung** - Grafana, Prometheus +10. **Protokollierungskonfiguration** - Log-Level und Formate +11. **CORS und Rate Limiting** - Web-Sicherheit +12. **Spring Profile und Gateway** - Framework-Einstellungen + +## Sicherheitsrichtlinien + +### Entwicklung +- Standard-Passwörter für lokale Entwicklung verwenden +- Debug-Modus aktiviert lassen +- Permissive CORS-Einstellungen verwenden + +### Produktion +- **NIEMALS** Produktions-`.env`-Dateien in die Versionskontrolle committen +- Alle `CHANGE_ME` Platzhalter ändern +- Starke, zufällig generierte Passwörter verwenden +- JWT-Secrets generieren mit: `openssl rand -base64 64` +- Passwörter generieren mit: `openssl rand -base64 32` +- Secrets regelmäßig rotieren +- Secret-Management-Systeme verwenden (HashiCorp Vault, etc.) 
+ +## Migration von der alten Struktur + +Die alten Konfigurationsdateien wurden konsolidiert: + +### Entfernte Dateien +- `/project-root/.env` → `config/.env.dev` +- `/project-root/.env.template` → `config/.env.template` +- `/project-root/.env.prod.example` → `config/.env.prod` +- `config/application*.properties` - Entfernt und durch .env-Dateien ersetzt + +### Legacy-Dateien (werden auslaufen) +- `config/application.yml` - Wird durch .env-Dateien ersetzt + +## Referenz der Umgebungsvariablen + +### Wichtige Variablen nach Umgebung + +| Variable | Dev | Staging | Prod | Test | +|----------|-----|---------|------|------| +| `DEBUG_MODE` | true | false | false | true | +| `LOGGING_LEVEL` | DEBUG | INFO | INFO | DEBUG | +| `CORS_ALLOWED_ORIGINS` | * | staging domains | prod domains | * | +| `DB_AUTO_MIGRATE` | true | true | false | true | +| `CONSUL_ENABLED` | true | true | true | false | + +### Port-Zuteilung + +| Service | Port | +|---------|------| +| Gateway | 8081 | +| Gateway Admin | 8080 | +| Ping Service | 8082 | +| Members Service | 8083 | +| Horses Service | 8084 | +| Events Service | 8085 | +| Masterdata Service | 8086 | +| Auth Service | 8087 | + +**Testumgebung:** Alle Ports +1000 (z.B. Gateway: 9081) + +## Best Practices + +1. **Immer die Vorlage verwenden** als Ausgangspunkt für neue Umgebungen +2. **Benutzerdefinierte Variablen dokumentieren** in Kommentaren +3. **Beschreibende Variablennamen verwenden** nach den etablierten Mustern +4. **Verwandte Variablen gruppieren** in logischen Abschnitten +5. **Konfiguration validieren** vor der Bereitstellung +6. **Konfigurationsabweichungen überwachen** zwischen Umgebungen + +## Fehlerbehebung + +### Häufige Probleme + +1. **Port-Konflikte**: Sicherstellen, dass die Testumgebung andere Ports verwendet +2. **Fehlende Variablen**: Gegen `.env.template` prüfen +3. **Zugriff verweigert**: Dateiberechtigungen für `.env`-Dateien überprüfen +4. 
**Datenbankverbindung fehlgeschlagen**: DB-Zugangsdaten und Hostname prüfen + +### Validierungsskript + +```bash +# TODO: Validierungsskript erstellen +./scripts/validate-config.sh config/.env.prod +``` + +## Zukünftige Verbesserungen + +- [ ] Konfigurationsvalidierungsskripte +- [ ] Automatische Secret-Generierung +- [ ] Umgebungsspezifische docker-compose-Dateien +- [ ] Erkennung von Konfigurationsabweichungen +- [ ] Integration von Secret-Management diff --git a/config/application-dev.properties b/config/application-dev.properties deleted file mode 100644 index ab634d84..00000000 --- a/config/application-dev.properties +++ /dev/null @@ -1,13 +0,0 @@ -# Entwicklungsumgebung spezifische Konfiguration - -# Server-Einstellungen -server.port=8080 - -# Datenbank-Einstellungen -database.host=localhost -database.port=5432 - -# Logging-Einstellungen -logging.level=DEBUG -logging.requests=true -logging.responses=true diff --git a/config/application-prod.properties b/config/application-prod.properties deleted file mode 100644 index 08b18d6a..00000000 --- a/config/application-prod.properties +++ /dev/null @@ -1,16 +0,0 @@ -# Produktionsumgebung spezifische Konfiguration - -# Server-Einstellungen -server.port=8080 -server.workers=4 -server.cors.allowedOrigins=https://meldestelle.at,https://app.meldestelle.at - -# Datenbank-Einstellungen -database.host=db -database.port=5432 -database.maxPoolSize=20 - -# Logging-Einstellungen -logging.level=INFO -logging.requests=true -logging.responses=false diff --git a/config/application-staging.properties b/config/application-staging.properties deleted file mode 100644 index deabe319..00000000 --- a/config/application-staging.properties +++ /dev/null 
@@ -1,16 +0,0 @@ -# Staging-Umgebung spezifische Konfiguration - -# Server-Einstellungen -server.port=8080 -server.workers=2 -server.cors.allowedOrigins=https://staging.meldestelle.at - -# Datenbank-Einstellungen -database.host=db -database.port=5432 -database.name=meldestelle_staging_db - -# Logging-Einstellungen -logging.level=INFO -logging.requests=true -logging.responses=false diff --git a/config/application-test.properties b/config/application-test.properties deleted file mode 100644 index de92125d..00000000 --- a/config/application-test.properties +++ /dev/null @@ -1,14 +0,0 @@ -# Testumgebung spezifische Konfiguration - -# Server-Einstellungen -server.port=8082 - -# Datenbank-Einstellungen -database.host=localhost -database.port=5432 -database.name=meldestelle_test_db - -# Logging-Einstellungen -logging.level=DEBUG -logging.requests=true -logging.responses=true diff --git a/config/application.properties b/config/application.properties deleted file mode 100644 index e8f1caa3..00000000 --- a/config/application.properties +++ /dev/null @@ -1,32 +0,0 @@ -# Allgemeine Anwendungseinstellungen -app.name=Meldestelle -app.version=1.0.0 -app.description=Pferdesport Meldestelle System - -# Server-Einstellungen -server.port=8080 -server.host=0.0.0.0 -server.workers=4 -server.cors.enabled=true -server.cors.allowedOrigins=* - -# Datenbank-Einstellungen -database.host=localhost -database.port=5432 -database.name=meldestelle_db -database.username=meldestelle_user -database.password=secure_password_change_me -database.maxPoolSize=10 -database.autoMigrate=true - -# Sicherheits-Einstellungen -security.jwt.secret=default-jwt-secret-key-please-change-in-production -security.jwt.issuer=meldestelle-api -security.jwt.audience=meldestelle-clients -security.jwt.realm=meldestelle -security.jwt.expirationInMinutes=1440 - -# Logging-Einstellungen -logging.level=INFO -logging.requests=true -logging.responses=false 
diff --git a/config/ssl/README.md b/config/ssl/README.md
deleted file mode 100644
index c814703f..00000000
--- a/config/ssl/README.md
+++ /dev/null
@@ -1,220 +0,0 @@ -# SSL/TLS Certificate Setup for Production - -This directory contains SSL/TLS certificates and keys for securing the Meldestelle application in production. - -## Directory Structure - -``` -config/ssl/ -├── postgres/ # PostgreSQL SSL certificates -├── redis/ # Redis TLS certificates -├── keycloak/ # Keycloak HTTPS certificates -├── prometheus/ # Prometheus HTTPS certificates -├── grafana/ # Grafana HTTPS certificates -├── nginx/ # Nginx SSL certificates -└── README.md # This file -``` - -## Certificate Requirements - -### 1. PostgreSQL SSL Certificates -Place the following files in `config/ssl/postgres/`: -- `server.crt` - Server certificate -- `server.key` - Server private key -- `ca.crt` - Certificate Authority certificate - -### 2. Redis TLS Certificates -Place the following files in `config/ssl/redis/`: -- `redis.crt` - Redis server certificate -- `redis.key` - Redis server private key -- `ca.crt` - Certificate Authority certificate -- `redis.dh` - Diffie-Hellman parameters - -### 3. Keycloak HTTPS Certificates -Place the following files in `config/ssl/keycloak/`: -- `server.crt.pem` - Server certificate in PEM format -- `server.key.pem` - Server private key in PEM format - -### 4. Prometheus HTTPS Certificates -Place the following files in `config/ssl/prometheus/`: -- `prometheus.crt` - Prometheus server certificate -- `prometheus.key` - Prometheus server private key -- `web.yml` - Prometheus web configuration file - -### 5. Grafana HTTPS Certificates -Place the following files in `config/ssl/grafana/`: -- `server.crt` - Grafana server certificate -- `server.key` - Grafana server private key - -### 6. Nginx SSL Certificates -Place the following files in `config/ssl/nginx/`: -- `server.crt` - Main SSL certificate -- `server.key` - Main SSL private key -- `dhparam.pem` - Diffie-Hellman parameters - -## Generating Self-Signed Certificates (Development/Testing) - -⚠️ **Warning**: Only use self-signed certificates for development and testing. 
Use proper CA-signed certificates in production. - -### Generate CA Certificate -```bash -# Create CA private key -openssl genrsa -out ca.key 4096 - -# Create CA certificate -openssl req -new -x509 -days 365 -key ca.key -out ca.crt \ - -subj "/C=AT/ST=Vienna/L=Vienna/O=Meldestelle/OU=IT/CN=Meldestelle-CA" -``` - -### Generate Server Certificates -```bash -# For each service, generate private key and certificate signing request -openssl genrsa -out server.key 2048 -openssl req -new -key server.key -out server.csr \ - -subj "/C=AT/ST=Vienna/L=Vienna/O=Meldestelle/OU=IT/CN=your-domain.com" - -# Sign the certificate with CA -openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \ - -CAcreateserial -out server.crt - -# Clean up -rm server.csr -``` - -### Generate Diffie-Hellman Parameters -```bash -openssl dhparam -out dhparam.pem 2048 -``` - -## Production Certificate Setup - -### Option 1: Let's Encrypt (Recommended) -Use Certbot to obtain free SSL certificates: - -```bash -# Install certbot -sudo apt-get install certbot - -# Obtain certificates -sudo certbot certonly --standalone -d your-domain.com -d www.your-domain.com - -# Copy certificates to appropriate directories -sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem config/ssl/nginx/server.crt -sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem config/ssl/nginx/server.key -``` - -### Option 2: Commercial CA -1. Generate Certificate Signing Requests (CSRs) -2. Submit CSRs to your Certificate Authority -3. Download signed certificates -4. Place certificates in appropriate directories - -### Option 3: Internal CA -If using an internal Certificate Authority: -1. Generate CSRs for each service -2. Sign certificates with your internal CA -3. 
Distribute CA certificate to all clients - -## File Permissions - -Ensure proper file permissions for security: - -```bash -# Set restrictive permissions on private keys -chmod 600 config/ssl/*/server.key -chmod 600 config/ssl/*/redis.key -chmod 600 config/ssl/*/prometheus.key - -# Set readable permissions on certificates -chmod 644 config/ssl/*/server.crt -chmod 644 config/ssl/*/ca.crt - -# Set directory permissions -chmod 755 config/ssl/*/ -``` - -## Docker Volume Mounts - -The certificates are mounted as read-only volumes in the Docker containers: - -```yaml -volumes: - - ./config/ssl/nginx:/etc/ssl/nginx:ro - - ./config/ssl/keycloak:/opt/keycloak/conf:ro - # ... other mounts -``` - -## Certificate Renewal - -### Automated Renewal (Let's Encrypt) -Set up a cron job for automatic renewal: - -```bash -# Add to crontab -0 12 * * * /usr/bin/certbot renew --quiet --post-hook "docker-compose -f docker-compose.prod.yml restart nginx" -``` - -### Manual Renewal -1. Generate new certificates -2. Replace old certificates in SSL directories -3. Restart affected services: - ```bash - docker-compose -f docker-compose.prod.yml restart nginx keycloak grafana prometheus - ``` - -## Security Best Practices - -1. **Use Strong Encryption**: Use at least 2048-bit RSA keys or 256-bit ECDSA keys -2. **Regular Rotation**: Rotate certificates regularly (annually or bi-annually) -3. **Secure Storage**: Store private keys securely and limit access -4. **Monitor Expiration**: Set up monitoring for certificate expiration -5. **Use HSTS**: Enable HTTP Strict Transport Security -6. **Perfect Forward Secrecy**: Use ECDHE cipher suites -7. **Certificate Transparency**: Monitor CT logs for unauthorized certificates - -## Troubleshooting - -### Common Issues - -1. **Permission Denied** - ```bash - # Fix file permissions - sudo chown -R $USER:$USER config/ssl/ - chmod -R 755 config/ssl/ - chmod 600 config/ssl/*/server.key - ``` - -2. 
**Certificate Verification Failed** - ```bash - # Verify certificate - openssl x509 -in config/ssl/nginx/server.crt -text -noout - - # Check certificate chain - openssl verify -CAfile config/ssl/nginx/ca.crt config/ssl/nginx/server.crt - ``` - -3. **TLS Handshake Errors** - - Check certificate validity dates - - Verify certificate matches hostname - - Ensure proper cipher suite configuration - -### Testing SSL Configuration - -```bash -# Test SSL certificate -openssl s_client -connect your-domain.com:443 -servername your-domain.com - -# Test with specific protocol -openssl s_client -connect your-domain.com:443 -tls1_2 - -# Check certificate expiration -openssl x509 -in config/ssl/nginx/server.crt -noout -dates -``` - -## Support - -For certificate-related issues: -1. Check service logs: `docker-compose -f docker-compose.prod.yml logs [service-name]` -2. Verify certificate files exist and have correct permissions -3. Test SSL configuration with OpenSSL tools -4. Consult service-specific SSL documentation diff --git a/docker-commands-fix.md b/docker-commands-fix.md deleted file mode 100644 index 12480714..00000000 --- a/docker-commands-fix.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# Docker-Compose Fehler Behebung - -## Problem -Die docker-compose Befehle schlugen fehl mit dem Fehler: -``` -ERROR: .FileNotFoundError: [Errno 2] No such file or directory: './docker-compose.yml' -``` - -## Ursache -Die Befehle wurden aus dem falschen Verzeichnis ausgeführt: -- **Falsch**: `/home/stefan-mo/WsMeldestelle/Meldestelle/.junie/guidelines/` -- **Richtig**: `/home/stefan-mo/WsMeldestelle/Meldestelle/` (Projekt-Root) - -## Lösung -Alle docker-compose Befehle müssen aus dem Projekt-Root-Verzeichnis ausgeführt werden: - -```bash -# Zuerst zum richtigen Verzeichnis wechseln -cd /home/stefan-mo/WsMeldestelle/Meldestelle - -# Dann die Befehle ausführen: - -# 1. Alle Services einschließlich Clients -docker-compose \ - -f docker-compose.yml \ - -f docker-compose.services.yml \ - -f docker-compose.clients.yml \ - up -d - -# 2. Nur Infrastructure für Backend-Entwicklung -docker-compose -f docker-compose.yml up -d postgres redis kafka consul zipkin - -# 3. Mit Debug-Unterstützung für Service-Entwicklung -DEBUG=true SPRING_PROFILES_ACTIVE=docker \ -docker-compose -f docker-compose.yml -f docker-compose.services.yml up -d - -# 4. Mit Live-Reload für Frontend-Entwicklung -docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d -``` - -## Verifikation -Die folgenden Dateien existieren im Projekt-Root: -- ✅ `docker-compose.yml` (Infrastructure Services) -- ✅ `docker-compose.services.yml` (Application Services) -- ✅ `docker-compose.clients.yml` (Client Applications) -- ✅ `docker-compose.override.yml` (Development Overrides) - -## Zusätzliche Befehle -```bash -# Services stoppen -docker-compose down - -# Services mit Volumes entfernen -docker-compose down -v - -# Logs anzeigen -docker-compose logs -f [service-name] - -# Status prüfen -docker-compose ps -``` diff --git a/docker-compose-errors-complete-fix.md b/docker-compose-errors-complete-fix.md deleted file mode 100644 index d1f0cbc6..00000000 
--- a/docker-compose-errors-complete-fix.md +++ /dev/null 
@@ -1,148 +0,0 @@ -# Docker-Compose Fehler Behebung - Vollständige Lösung - -## Problemübersicht -Die folgenden Fehler wurden beim Ausführen der docker-compose Befehle identifiziert und behoben: - -1. **Network-Konfigurationsfehler**: `meldestelle-network declared as external, but could not be found` -2. **ContainerConfig KeyError**: Fehler beim Inspizieren bestehender Container -3. **API Gateway Service-Fehler**: `Service api-gateway has neither an image nor a build context specified` -4. **Deploy Resource Warnings**: Unsupported `reservations.cpus` sub-keys - -## 🔧 Angewendete Lösungen - -### 1. Network-Konfiguration korrigiert ✓ -**Problem**: Inkonsistente Network-Definitionen zwischen compose-Dateien -- `docker-compose.yml`: `driver: bridge` -- `docker-compose.services.yml` und `docker-compose.clients.yml`: `external: true` - -**Lösung**: -- Entfernung von `external: true` aus allen compose-Dateien -- Einheitliche Verwendung von `driver: bridge` - -### 2. ContainerConfig KeyError behoben ✓ -**Problem**: Korrupte Container-Metadaten von vorherigen Runs -**Lösung**: -- Bereinigung aller bestehenden Container -- Befehl: `docker rm $(docker ps -a -q --filter "name=meldestelle")` - -### 3. API Gateway Service-Konfiguration ✓ -**Problem**: `docker-compose.override.yml` referenziert Services, die nicht in der Basis-Konfiguration definiert sind -**Lösung**: -- Korrekte Verwendung der compose-Datei-Kombinationen -- `docker-compose.override.yml` nur zusammen mit `docker-compose.services.yml` verwenden - -### 4. 
Deploy Resource Warnings eliminiert ✓ -**Problem**: Docker Compose 1.29.2 unterstützt keine `reservations` unter `deploy.resources` -**Lösung**: -- Entfernung aller `reservations` Sektionen aus `docker-compose.services.yml` -- Beibehaltung der `limits` Konfigurationen - -## ✅ Korrekte Docker-Compose Befehle - -### Vorbereitung (einmalig nach Fehlern) -```bash -# Zum richtigen Verzeichnis wechseln -cd /home/stefan-mo/WsMeldestelle/Meldestelle - -# Bestehende Container bereinigen (falls ContainerConfig Fehler auftreten) -docker rm $(docker ps -a -q --filter "name=meldestelle") 2>/dev/null || true - -# Verwaiste Images bereinigen (optional) -docker image prune -f -``` - -### 1. Alle Services einschließlich Clients -```bash -docker-compose \ - -f docker-compose.yml \ - -f docker-compose.services.yml \ - -f docker-compose.clients.yml \ - up -d -``` - -### 2. Nur Infrastructure für Backend-Entwicklung -```bash -docker-compose -f docker-compose.yml up -d postgres redis kafka consul zipkin -``` - -### 3. Mit Debug-Unterstützung für Service-Entwicklung -```bash -DEBUG=true SPRING_PROFILES_ACTIVE=docker \ -docker-compose -f docker-compose.yml -f docker-compose.services.yml up -d -``` - -### 4. 
Mit Live-Reload für Frontend-Entwicklung -```bash -# WICHTIG: Nur verwenden wenn docker-compose.services.yml ebenfalls geladen wird -docker-compose \ - -f docker-compose.yml \ - -f docker-compose.services.yml \ - -f docker-compose.override.yml \ - up -d -``` - -## 🚨 Wichtige Hinweise - -### Override-Datei Verwendung -- `docker-compose.override.yml` darf **NICHT** allein mit `docker-compose.yml` verwendet werden -- Grund: Override definiert nur Konfigurationsüberschreibungen, keine vollständigen Services -- **Richtig**: `-f docker-compose.yml -f docker-compose.services.yml -f docker-compose.override.yml` -- **Falsch**: `-f docker-compose.yml -f docker-compose.override.yml` - -### Network-Konsistenz -- Alle compose-Dateien verwenden jetzt `driver: bridge` für `meldestelle-network` -- Keine `external: true` Deklarationen mehr vorhanden -- Network wird automatisch von Docker Compose erstellt - -### Resource-Limits -- Nur `limits` werden verwendet (memory, cpus) -- `reservations` wurden entfernt (nicht unterstützt in Docker Compose 1.29.2) -- Services starten ohne Warnings - -## 🔍 Fehlerbehebung - -### Bei "ContainerConfig" Fehlern: -```bash -docker rm $(docker ps -a -q --filter "name=meldestelle") 2>/dev/null || true -docker-compose down --volumes --remove-orphans 2>/dev/null || true -``` - -### Bei Network-Fehlern: -```bash -docker network ls | grep meldestelle -docker network rm meldestelle-network 2>/dev/null || true -``` - -### Bei Build-Fehlern: -```bash -docker-compose build --no-cache --pull -``` - -## 🧪 Verifikation - -### Status prüfen: -```bash -docker-compose ps -docker network ls | grep meldestelle -``` - -### Logs überwachen: -```bash -docker-compose logs -f [service-name] -``` - -### Services stoppen: -```bash -docker-compose down -# Mit Volumes entfernen: -docker-compose down -v -``` - -## ✅ Zusammenfassung -- ✅ Network-Konfiguration vereinheitlicht -- ✅ ContainerConfig-Fehler durch Container-Cleanup behoben -- ✅ API Gateway Service-Konfiguration 
korrigiert -- ✅ Deploy Resource Warnings eliminiert -- ✅ Korrekte Verwendung der compose-Datei-Kombinationen dokumentiert - -Alle ursprünglichen Fehler wurden behoben. Die docker-compose Befehle sollten nun ohne Fehler oder Warnings ausgeführt werden können. diff --git a/docker-compose.clients.yml b/docker-compose.clients.yml new file mode 100644 index 00000000..6784f383 --- /dev/null +++ b/docker-compose.clients.yml 
@@ -0,0 +1,136 @@ +# =================================================================== +# Docker Compose - Client Applications +# Meldestelle Project - Frontend Components +# =================================================================== +# Usage: +# Mit Services: docker-compose -f docker-compose.yml -f docker-compose.services.yml -f docker-compose.clients.yml up -d +# Nur Frontend: docker-compose -f docker-compose.yml -f docker-compose.clients.yml up -d +# =================================================================== + +services: + # =================================================================== + # Web Application (Kotlin Multiplatform) + # =================================================================== + web-app: + build: + context: . + dockerfile: dockerfiles/clients/web-app/Dockerfile + args: + CLIENT_PATH: client/common-ui + CLIENT_MODULE: web-app + CLIENT_NAME: meldestelle-web-app + container_name: meldestelle-web-app + environment: + NODE_ENV: ${NODE_ENV:-production} + API_BASE_URL: http://api-gateway:${GATEWAY_PORT:-8081} + WS_URL: ws://api-gateway:${GATEWAY_PORT:-8081}/ws + APP_TITLE: ${APP_NAME:-Meldestelle} + APP_VERSION: ${APP_VERSION:-1.0.0} + # Development specific + WEBPACK_DEV_SERVER_HOST: 0.0.0.0 + WEBPACK_DEV_SERVER_PORT: 3000 + ports: + - "3000:3000" + depends_on: + - api-gateway + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:3000/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s + restart: unless-stopped + labels: + - "traefik.enable=true" + - "traefik.http.routers.web-app.rule=Host(`localhost`) && PathPrefix(`/`)" + - "traefik.http.services.web-app.loadbalancer.server.port=3000" + + # =================================================================== + # Auth Server (Custom Keycloak Extension) + # =================================================================== + auth-server: + build: + context: . 
+ dockerfile: dockerfiles/infrastructure/auth-server/Dockerfile + container_name: meldestelle-auth-server + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: ${AUTH_SERVICE_PORT:-8087} + KEYCLOAK_SERVER_URL: http://keycloak:8080 + KEYCLOAK_REALM: meldestelle + KEYCLOAK_CLIENT_ID: meldestelle-auth-service + KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET:-auth-service-secret} + DB_HOST: postgres + DB_PORT: 5432 + DB_NAME: ${POSTGRES_DB:-meldestelle} + DB_USER: ${POSTGRES_USER:-meldestelle} + DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} + JWT_SECRET: ${JWT_SECRET:-meldestelle-jwt-secret-key-for-development-change-in-production} + JWT_ISSUER: ${JWT_ISSUER:-meldestelle-api} + JWT_AUDIENCE: ${JWT_AUDIENCE:-meldestelle-clients} + ports: + - "${AUTH_SERVICE_PORT:-8087}:${AUTH_SERVICE_PORT:-8087}" + depends_on: + keycloak: + condition: service_healthy + postgres: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:${AUTH_SERVICE_PORT:-8087}/actuator/health"] + interval: 15s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + + # =================================================================== + # Monitoring Server (Custom Grafana Extensions) + # =================================================================== + monitoring-server: + build: + context: . 
+ dockerfile: dockerfiles/infrastructure/monitoring-server/Dockerfile + container_name: meldestelle-monitoring-server + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: 8088 + GRAFANA_URL: http://grafana:3000 + PROMETHEUS_URL: http://prometheus:9090 + GRAFANA_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:-admin} + GRAFANA_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-admin} + METRICS_AUTH_USERNAME: ${METRICS_AUTH_USERNAME:-admin} + METRICS_AUTH_PASSWORD: ${METRICS_AUTH_PASSWORD:-metrics} + ports: + - "8088:8088" + depends_on: + - api-gateway + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:8088/actuator/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 45s + restart: unless-stopped + volumes: + - monitoring-data:/app/data + - ./docker/monitoring:/app/config:ro + +# =================================================================== +# Volumes für Client-spezifische Daten +# =================================================================== +volumes: + monitoring-data: + driver: local + +# =================================================================== +# Networks (external reference to main network) +# =================================================================== +networks: + meldestelle-network: + external: true diff --git a/docker-compose.services.yml b/docker-compose.services.yml new file mode 100644 index 00000000..e296db81 --- /dev/null +++ b/docker-compose.services.yml 
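Review bot: The `auth-server` service falls back to a secret that is committed in this file whenever the environment is incomplete, `JWT_SECRET: ${JWT_SECRET:-meldestelle-jwt-secret-key-for-development-change-in-production}`, and `KEYCLOAK_CLIENT_SECRET`, `DB_PASSWORD`, `GRAFANA_ADMIN_PASSWORD` and `METRICS_AUTH_PASSWORD` carry the same kind of default. A deployment that forgets one of these variables starts cleanly with a value known to everyone who can read the repository. The required-variable form makes compose refuse to start instead, e.g. `JWT_SECRET: ${JWT_SECRET:?JWT_SECRET must be set}`, and development values can then live in the dev env file only. The same pattern appears in the `docker-compose.services.yml` hunk (`DB_PASSWORD`, and an empty default for `REDIS_EVENT_STORE_PASSWORD`) and in the `grafana` service added to `docker-compose.yml`.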
@@ -0,0 +1,232 @@ +# =================================================================== +# Docker Compose - Microservices +# Meldestelle Project - Application Services +# =================================================================== +# Usage: +# Vollständiges System: docker-compose -f docker-compose.yml -f docker-compose.services.yml up -d +# =================================================================== + +services: + # =================================================================== + # Ping Service (Health Check & Test Service) + # =================================================================== + ping-service: + build: + context: . + dockerfile: dockerfiles/services/ping-service/Dockerfile + container_name: meldestelle-ping-service + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: ${PING_SERVICE_PORT:-8082} + CONSUL_HOST: consul + CONSUL_PORT: ${CONSUL_PORT:-8500} + CONSUL_ENABLED: ${CONSUL_ENABLED:-true} + DB_HOST: postgres + DB_PORT: 5432 + DB_NAME: ${POSTGRES_DB:-meldestelle} + DB_USER: ${POSTGRES_USER:-meldestelle} + DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} + REDIS_EVENT_STORE_HOST: redis + REDIS_EVENT_STORE_PORT: 6379 + REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-} + ports: + - "${PING_SERVICE_PORT:-8082}:${PING_SERVICE_PORT:-8082}" + depends_on: + consul: + condition: service_healthy + postgres: + condition: service_healthy + redis: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:${PING_SERVICE_PORT:-8082}/actuator/health"] + interval: 15s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + + # =================================================================== + # Members Service + # =================================================================== + members-service: + build: + context: . 
+ dockerfile: dockerfiles/services/members-service/Dockerfile + container_name: meldestelle-members-service + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: ${MEMBERS_SERVICE_PORT:-8083} + CONSUL_HOST: consul + CONSUL_PORT: ${CONSUL_PORT:-8500} + CONSUL_ENABLED: ${CONSUL_ENABLED:-true} + DB_HOST: postgres + DB_PORT: 5432 + DB_NAME: ${POSTGRES_DB:-meldestelle} + DB_USER: ${POSTGRES_USER:-meldestelle} + DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} + REDIS_EVENT_STORE_HOST: redis + REDIS_EVENT_STORE_PORT: 6379 + REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-} + KAFKA_BOOTSTRAP_SERVERS: kafka:29092 + ports: + - "${MEMBERS_SERVICE_PORT:-8083}:${MEMBERS_SERVICE_PORT:-8083}" + depends_on: + consul: + condition: service_healthy + postgres: + condition: service_healthy + redis: + condition: service_healthy + api-gateway: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:${MEMBERS_SERVICE_PORT:-8083}/actuator/health"] + interval: 15s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + + # =================================================================== + # Horses Service + # =================================================================== + horses-service: + build: + context: . 
+ dockerfile: dockerfiles/services/horses-service/Dockerfile + container_name: meldestelle-horses-service + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: ${HORSES_SERVICE_PORT:-8084} + CONSUL_HOST: consul + CONSUL_PORT: ${CONSUL_PORT:-8500} + CONSUL_ENABLED: ${CONSUL_ENABLED:-true} + DB_HOST: postgres + DB_PORT: 5432 + DB_NAME: ${POSTGRES_DB:-meldestelle} + DB_USER: ${POSTGRES_USER:-meldestelle} + DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} + REDIS_EVENT_STORE_HOST: redis + REDIS_EVENT_STORE_PORT: 6379 + REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-} + KAFKA_BOOTSTRAP_SERVERS: kafka:29092 + ports: + - "${HORSES_SERVICE_PORT:-8084}:${HORSES_SERVICE_PORT:-8084}" + depends_on: + consul: + condition: service_healthy + postgres: + condition: service_healthy + redis: + condition: service_healthy + api-gateway: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:${HORSES_SERVICE_PORT:-8084}/actuator/health"] + interval: 15s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + + # =================================================================== + # Events Service + # =================================================================== + events-service: + build: + context: . 
+ dockerfile: dockerfiles/services/events-service/Dockerfile + container_name: meldestelle-events-service + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: ${EVENTS_SERVICE_PORT:-8085} + CONSUL_HOST: consul + CONSUL_PORT: ${CONSUL_PORT:-8500} + CONSUL_ENABLED: ${CONSUL_ENABLED:-true} + DB_HOST: postgres + DB_PORT: 5432 + DB_NAME: ${POSTGRES_DB:-meldestelle} + DB_USER: ${POSTGRES_USER:-meldestelle} + DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} + REDIS_EVENT_STORE_HOST: redis + REDIS_EVENT_STORE_PORT: 6379 + REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-} + KAFKA_BOOTSTRAP_SERVERS: kafka:29092 + ports: + - "${EVENTS_SERVICE_PORT:-8085}:${EVENTS_SERVICE_PORT:-8085}" + depends_on: + consul: + condition: service_healthy + postgres: + condition: service_healthy + redis: + condition: service_healthy + api-gateway: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:${EVENTS_SERVICE_PORT:-8085}/actuator/health"] + interval: 15s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + + # =================================================================== + # Masterdata Service + # =================================================================== + masterdata-service: + build: + context: . 
+ dockerfile: dockerfiles/services/masterdata-service/Dockerfile + container_name: meldestelle-masterdata-service + environment: + SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev} + SERVER_PORT: ${MASTERDATA_SERVICE_PORT:-8086} + CONSUL_HOST: consul + CONSUL_PORT: ${CONSUL_PORT:-8500} + CONSUL_ENABLED: ${CONSUL_ENABLED:-true} + DB_HOST: postgres + DB_PORT: 5432 + DB_NAME: ${POSTGRES_DB:-meldestelle} + DB_USER: ${POSTGRES_USER:-meldestelle} + DB_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} + REDIS_EVENT_STORE_HOST: redis + REDIS_EVENT_STORE_PORT: 6379 + REDIS_EVENT_STORE_PASSWORD: ${REDIS_PASSWORD:-} + KAFKA_BOOTSTRAP_SERVERS: kafka:29092 + ports: + - "${MASTERDATA_SERVICE_PORT:-8086}:${MASTERDATA_SERVICE_PORT:-8086}" + depends_on: + consul: + condition: service_healthy + postgres: + condition: service_healthy + redis: + condition: service_healthy + api-gateway: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:${MASTERDATA_SERVICE_PORT:-8086}/actuator/health"] + interval: 15s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + +# =================================================================== +# Networks (external reference to main network) +# =================================================================== +networks: + meldestelle-network: + external: true diff --git a/docker-compose.yml b/docker-compose.yml index e3f43d1f..f3d6b37f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
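Review bot: Every backend service publishes its port on the host, e.g. `- "${PING_SERVICE_PORT:-8082}:${PING_SERVICE_PORT:-8082}"`, and Docker binds such a mapping on all interfaces unless told otherwise. The services already share `meldestelle-network` with `api-gateway`, so the host mapping is not needed for gateway routing, and it leaves each service reachable without passing the gateway's filters (JWT validation and rate limiting, as far as the gateway code in this commit shows). If host access is only wanted for local debugging, bind to loopback with `- "127.0.0.1:${PING_SERVICE_PORT:-8082}:${PING_SERVICE_PORT:-8082}"`, or replace `ports:` with `expose:`. The same applies to the members, horses, events and masterdata services in this file.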
@@ -103,6 +103,105 @@ services: start_period: 15s restart: unless-stopped + # =================================================================== + # Messaging (Kafka & Zookeeper) + # =================================================================== + zookeeper: + image: confluentinc/cp-zookeeper:7.4.0 + container_name: meldestelle-zookeeper + environment: + ZOOKEEPER_CLIENT_PORT: ${ZOOKEEPER_CLIENT_PORT:-2181} + ZOOKEEPER_TICK_TIME: 2000 + ports: + - "${ZOOKEEPER_CLIENT_PORT:-2181}:2181" + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "bash", "-c", "echo 'ruok' | nc localhost 2181"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 15s + restart: unless-stopped + + kafka: + image: confluentinc/cp-kafka:7.4.0 + container_name: meldestelle-kafka + environment: + KAFKA_BROKER_ID: ${KAFKA_BROKER_ID:-1} + KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 + KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:${KAFKA_PORT:-9092} + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT + KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT + KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: ${KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:-1} + ports: + - "${KAFKA_PORT:-9092}:9092" + depends_on: + zookeeper: + condition: service_healthy + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "kafka-broker-api-versions", "--bootstrap-server", "localhost:9092"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + + # =================================================================== + # Monitoring (Prometheus & Grafana) + # =================================================================== + prometheus: + image: prom/prometheus:v2.47.0 + container_name: meldestelle-prometheus + ports: + - "${PROMETHEUS_PORT:-9090}:9090" + volumes: + - prometheus-data:/prometheus + - ./docker/monitoring/prometheus:/etc/prometheus:ro + command: + - '--config.file=/etc/prometheus/prometheus.yml' 
+ - '--storage.tsdb.path=/prometheus' + - '--web.console.libraries=/etc/prometheus/console_libraries' + - '--web.console.templates=/etc/prometheus/consoles' + - '--storage.tsdb.retention.time=200h' + - '--web.enable-lifecycle' + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9090/-/healthy"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 20s + restart: unless-stopped + + grafana: + image: grafana/grafana:10.1.0 + container_name: meldestelle-grafana + environment: + GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:-admin} + GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-admin} + GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false} + GF_INSTALL_PLUGINS: grafana-piechart-panel + ports: + - "${GRAFANA_PORT:-3000}:3000" + volumes: + - grafana-data:/var/lib/grafana + - ./docker/monitoring/grafana:/etc/grafana/provisioning:ro + depends_on: + - prometheus + networks: + - meldestelle-network + healthcheck: + test: ["CMD", "curl", "--fail", "http://localhost:3000/api/health"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 30s + restart: unless-stopped + # =================================================================== # API Gateway # =================================================================== @@ -145,6 +244,10 @@ volumes: driver: local redis-data: driver: local + prometheus-data: + driver: local + grafana-data: + driver: local # =================================================================== # Networks diff --git a/fix_verification.md b/fix_verification.md deleted file mode 100644 index 7932d19d..00000000 --- a/fix_verification.md +++ /dev/null 
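Review bot: `--web.enable-lifecycle` is set on the `prometheus` service while its port is published to the host through `- "${PROMETHEUS_PORT:-9090}:9090"`, and the command list passes no web configuration that would add authentication. With that flag the `/-/reload` and `/-/quit` endpoints accept HTTP requests, so anyone who can reach the port can reload or stop the server. Drop the flag unless reloads over HTTP are really used, or bind the mapping to loopback: `- "127.0.0.1:${PROMETHEUS_PORT:-9090}:9090"`. The Kafka `PLAINTEXT_HOST` listener and the Zookeeper client port are published the same way and deserve the same look.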
@@ -1,46 +0,0 @@ -# Ping Service 503 Error Fix Verification - -## Problem Analysis -- **Issue**: GET http://localhost:8081/api/ping returns 503 SERVICE_UNAVAILABLE -- **Root Cause**: Gateway has Consul service discovery disabled (CONSUL_ENABLED:false) but uses load balancing route (lb://ping-service) -- **Evidence**: - - Gateway config line 23-26: `enabled: ${CONSUL_ENABLED:false}` - - Ping service is registered with Consul (register: true) - - Consul container is running and healthy - - Health endpoint shows ping-service is registered in Consul - -## Solution Applied -**File**: `/home/stefan/WsMeldestelle/Meldestelle/infrastructure/gateway/src/main/resources/application.yml` - -**Change**: Lines 23-26 -```yaml -# BEFORE (causing 503 error) -enabled: ${CONSUL_ENABLED:false} -discovery: - enabled: ${CONSUL_ENABLED:false} - register: ${CONSUL_ENABLED:false} - -# AFTER (fixes 503 error) -enabled: ${CONSUL_ENABLED:true} -discovery: - enabled: ${CONSUL_ENABLED:true} - register: ${CONSUL_ENABLED:true} -``` - -## Why This Fixes the Issue -1. **Service Discovery**: Gateway can now discover services registered in Consul -2. **Load Balancing**: `lb://ping-service` route can now resolve to actual service instances -3. **Health Checks**: Gateway can perform health checks on discovered services -4. **Automatic Routing**: Requests to `/api/ping/**` will be routed to the ping service at localhost:8082 - -## Expected Result -- GET http://localhost:8081/api/ping → 200 OK (routed to ping service) -- Gateway will discover ping-service from Consul registry -- Circuit breaker and retry mechanisms will work properly -- Service load balancing will function as designed - -## Configuration Consistency -- **Gateway**: Consul discovery enabled ✓ -- **Ping Service**: Consul registration enabled ✓ -- **Consul**: Running and accessible on localhost:8500 ✓ -- **Network**: All services can communicate ✓ 
diff --git a/gradle-dependency-resolution-fix.md b/gradle-dependency-resolution-fix.md deleted file mode 100644 index b0b26115..00000000 --- a/gradle-dependency-resolution-fix.md +++ /dev/null 
@@ -1,177 +0,0 @@ -# Gradle Dependency Resolution Fix für Docker Build - -## Problemanalyse -Der Docker Build für den api-gateway Service schlug fehl mit folgendem Fehler: - -``` -> No matching variant of project :infrastructure:auth:auth-client was found. The consumer was configured to find a library for use during runtime, compatible with Java 21, packaged as a jar, preferably optimized for standard JVMs, and its dependencies declared externally, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'jvm' but: - - No variants exist. -``` - -Das gleiche Problem trat auch bei `:infrastructure:monitoring:monitoring-client` auf. - -## Grundursache -Die Bibliotheksmodule `auth-client` und `monitoring-client` waren nicht korrekt als Gradle-Bibliotheken konfiguriert und exponierten keine konsumierbare Varianten (API/Runtime) für abhängige Projekte wie das `api-gateway`. - -## Angewendete Lösungen - -### 1. Auth-Client Modul konfiguriert ✅ - -**Datei**: `/infrastructure/auth/auth-client/build.gradle.kts` - -**Vorher**: -```kotlin -plugins { - alias(libs.plugins.kotlin.jvm) - alias(libs.plugins.kotlin.spring) - alias(libs.plugins.kotlin.serialization) - alias(libs.plugins.spring.boot) // ❌ Falsch für Bibliotheksmodul - alias(libs.plugins.spring.dependencyManagement) -} - -// Manuelle JAR-Konfiguration erforderlich -tasks.getByName("bootJar") { - enabled = false -} -tasks.getByName("jar") { - enabled = true -} -``` - -**Nachher**: -```kotlin -plugins { - `java-library` // ✅ Erzeugt automatisch API/Runtime Varianten - alias(libs.plugins.kotlin.jvm) - alias(libs.plugins.kotlin.spring) - alias(libs.plugins.kotlin.serialization) - // Spring Boot Plugin entfernt ✅ - alias(libs.plugins.spring.dependencyManagement) -} - -// JAR-Konfiguration automatisch durch java-library Plugin ✅ -``` - -### 2. 
Monitoring-Client Modul konfiguriert ✅ - -**Datei**: `/infrastructure/monitoring/monitoring-client/build.gradle.kts` - -**Vorher**: -```kotlin -plugins { - alias(libs.plugins.kotlin.jvm) - alias(libs.plugins.kotlin.spring) - alias(libs.plugins.spring.dependencyManagement) - // Kein java-library Plugin ❌ -} -``` - -**Nachher**: -```kotlin -plugins { - `java-library` // ✅ Hinzugefügt für Varianten-Exposition - alias(libs.plugins.kotlin.jvm) - alias(libs.plugins.kotlin.spring) - alias(libs.plugins.spring.dependencyManagement) -} -``` - -### 3. Gradle Projekt-Struktur vervollständigt ✅ - -Erstellt fehlende parent `build.gradle` Dateien für korrekte Multi-Modul-Struktur: - -- `/infrastructure/build.gradle` ✅ -- `/infrastructure/auth/build.gradle` ✅ -- `/infrastructure/monitoring/build.gradle` ✅ - -Diese Dateien sind minimal und dienen als Container für Subprojekte: -```gradle -// Infrastructure Module Container -// This is a container module for infrastructure-related subprojects -``` - -## Technische Details - -### Was das `java-library` Plugin bewirkt: -- **Automatische Varianten-Erstellung**: Erstellt `apiElements` und `runtimeElements` Konfigurationen -- **Konsumierbare Artefakte**: Andere Projekte können diese Module als Abhängigkeiten verwenden -- **Transitive Abhängigkeiten**: Korrekte Behandlung von API vs. 
Implementation Dependencies -- **JAR-Erstellung**: Automatisches Erstellen von Standard-JAR-Dateien (nicht executable) - -### Warum Spring Boot Plugin entfernt wurde: -- Spring Boot Plugin ist für **ausführbare Anwendungen** gedacht, nicht für Bibliotheken -- Erzeugt `bootJar` statt Standard-JAR, was für Bibliotheken ungeeignet ist -- Verhindert die Erstellung konsumierbarer Gradle-Varianten - -### Multi-Modul-Struktur: -``` -infrastructure/ -├── build.gradle # Container -├── auth/ -│ ├── build.gradle # Container -│ └── auth-client/ -│ └── build.gradle.kts # Bibliothek mit java-library -└── monitoring/ - ├── build.gradle # Container - └── monitoring-client/ - └── build.gradle.kts # Bibliothek mit java-library -``` - -## Verifikation - -### Gradle-Konfiguration prüfen: -```bash -# Projekt-Struktur anzeigen -./gradlew projects - -# Abhängigkeiten anzeigen -./gradlew :infrastructure:gateway:dependencies - -# Varianten prüfen -./gradlew :infrastructure:auth:auth-client:outgoingVariants -./gradlew :infrastructure:monitoring:monitoring-client:outgoingVariants -``` - -### Docker Build testen: -```bash -# Sauberer Build ohne Cache -docker-compose -f docker-compose.yml -f docker-compose.services.yml build --no-cache api-gateway - -# Vollständiger Stack -docker-compose \ - -f docker-compose.yml \ - -f docker-compose.services.yml \ - -f docker-compose.clients.yml \ - up -d --build -``` - -## Erwartetes Ergebnis - -Nach Anwendung dieser Konfigurationen sollten: - -1. ✅ `auth-client` und `monitoring-client` korrekte Gradle-Varianten exponieren -2. ✅ `api-gateway` diese Module erfolgreich als Abhängigkeiten auflösen können -3. ✅ Docker Build ohne "No variants exist" Fehler durchlaufen -4. 
✅ Alle Services korrekt starten und funktionieren - -## Zusätzliche Hinweise - -- **BOM-Management**: Die zentrale Versionierung über `platform-bom` bleibt unverändert -- **Dependency Management**: Spring Dependency Management Plugin sorgt für konsistente Versionen -- **Kotlin Multiplatform**: Core-Module verwenden weiterhin Kotlin Multiplatform Plugin -- **Testing**: Platform-Testing Bundle stellt einheitliche Test-Dependencies bereit - -## Rollback (falls nötig) - -Um die Änderungen rückgängig zu machen: -```bash -git checkout HEAD -- infrastructure/auth/auth-client/build.gradle.kts -git checkout HEAD -- infrastructure/monitoring/monitoring-client/build.gradle.kts -rm infrastructure/build.gradle -rm infrastructure/auth/build.gradle -rm infrastructure/monitoring/build.gradle -``` - -## Status: ✅ IMPLEMENTIERT - -Alle Konfigurationsänderungen wurden angewendet und sind bereit für Testing. diff --git a/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/config/GatewayConfig.kt b/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/config/GatewayConfig.kt index b6608322..6d39015e 100644 --- a/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/config/GatewayConfig.kt +++ b/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/config/GatewayConfig.kt @@ -134,7 +134,7 @@ class EnhancedLoggingFilter : GlobalFilter, Ordered { class RateLimitingFilter : GlobalFilter, Ordered { private val requestCounts = ConcurrentHashMap() - private val logger = org.slf4j.LoggerFactory.getLogger(RateLimitingFilter::class.java) + private val logger = LoggerFactory.getLogger(RateLimitingFilter::class.java) // Timestamp der letzten Bereinigung @Volatile 
@@ -169,7 +169,7 @@ class RateLimitingFilter : GlobalFilter, Ordered { val clientIp = getClientIp(request) val path = request.path.value() - // Periodische Bereinigung des Caches zur Vermeidung von Memory Leaks + // Periodische Bereinigung des Caches zur Vermeidung von memory Leaks performPeriodicCleanup() val limit = determineRateLimit(request, path) @@ -219,17 +219,17 @@ class RateLimitingFilter : GlobalFilter, Ordered { private fun isAdminUser(request: ServerHttpRequest): Boolean { // Sichere Rollenvalidierung basierend auf JWT-Authentifizierung - // Die X-User-Role wird vom JwtAuthenticationFilter nach erfolgreicher JWT-Validierung gesetzt + // die X-User-Role wird vom JwtAuthenticationFilter nach erfolgreicher JWT-Validierung gesetzt val userRole = request.headers.getFirst("X-User-Role") val userId = request.headers.getFirst("X-User-ID") - // Zusätzliche Sicherheitsprüfung: Beide Header müssen vorhanden sein + // Zusätzliche Sicherheitsprüfung: Beide Header müssen vorhanden sein. // Dies reduziert die Wahrscheinlichkeit von Header-Spoofing return userRole == "ADMIN" && userId != null } /** - * Bereinigt alte Einträge aus dem requestCounts Cache zur Vermeidung von Memory Leaks. + * Bereinigt alte Einträge aus dem requestCounts Cache zur Vermeidung von memory Leaks. * Wird nur alle CLEANUP_INTERVAL_MS ausgeführt für bessere Performance. */ private fun performPeriodicCleanup() { diff --git a/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/metrics/GatewayMetricsConfig.kt b/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/metrics/GatewayMetricsConfig.kt index e2c8706d..486bedba 100644 --- a/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/metrics/GatewayMetricsConfig.kt +++ b/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/metrics/GatewayMetricsConfig.kt 
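Review bot: The reworded comment in `isAdminUser` still claims that requiring both headers reduces header spoofing, but `userRole == "ADMIN" && userId != null` is satisfied by any request that carries both `X-User-Role` and `X-User-ID`, wherever they came from. The check is only trustworthy if the gateway removes client-supplied copies of these headers before `JwtAuthenticationFilter` sets them and if this filter runs after it; neither is visible in this hunk. I would state that precondition in the comment, e.g. `// Only valid if inbound X-User-* headers are stripped before JWT validation`, and confirm it in the filter ordering. The edits also lowercase `Die` and `Memory` in the German comments, which looks like an accidental regression.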
@@ -94,11 +94,13 @@ class GatewayMetricsConfig { /** * Bean für Request Counter - ermöglicht Request-Volumen Tracking. + * Hinweis: Dieser Counter wird nur als Fallback registriert. + * Die tatsächlichen Requests werden mit dynamischen Tags im WebFilter erfasst. */ @Bean fun requestCounter(meterRegistry: MeterRegistry): Counter { - return Counter.builder(GATEWAY_REQUESTS_COUNTER) - .description("Gesamtanzahl der Gateway-Requests") + return Counter.builder("${GATEWAY_REQUESTS_COUNTER}_fallback") + .description("Gateway-Requests Fallback Counter") .register(meterRegistry) } diff --git a/infrastructure/gateway/src/main/resources/application.yml b/infrastructure/gateway/src/main/resources/application.yml index c2301114..d76e1209 100644 --- a/infrastructure/gateway/src/main/resources/application.yml +++ b/infrastructure/gateway/src/main/resources/application.yml @@ -250,6 +250,13 @@ management: enabled: true java: enabled: true + # Tracing-Konfiguration - Zipkin deaktiviert da kein Service verfügbar + tracing: + sampling: + probability: 0.0 # Deaktiviert Tracing komplett + zipkin: + tracing: + endpoint: "" # Leer um Zipkin zu deaktivieren # Erweiterte Logging-Konfiguration logging: diff --git a/scripts/validation/validate-env.sh b/scripts/validation/validate-env.sh index 4441b66f..cfbb94e0 100755 --- a/scripts/validation/validate-env.sh +++ b/scripts/validation/validate-env.sh 
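Review bot: The `requestCounter` bean stays injectable but now registers under `${GATEWAY_REQUESTS_COUNTER}_fallback`, so any caller that still increments it writes to a different series than the one request-volume dashboards and alert rules read; whether such callers exist is not visible in this hunk. If nothing increments it, removing the bean avoids a permanently zero series; if something does, the KDoc should name that caller. The new KDoc says real requests are recorded in the WebFilter with dynamic tags, which cannot be checked from here; it would help to add that those tag values come from a bounded set (route, status class) rather than raw request paths, since unbounded tags inflate the registry.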
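Review bot: Setting `probability: 0.0` and an empty Zipkin `endpoint` in the base `application.yml` switches tracing off for every profile, production included, which removes request traces from incident investigation. I would make both overridable per environment, e.g. `probability: ${TRACING_SAMPLING_PROBABILITY:0.0}` and `endpoint: ${ZIPKIN_ENDPOINT:}` (variable names are suggestions), so a deployment that has a collector can enable tracing without editing this file. Whether an empty endpoint string really disables the Zipkin exporter depends on the Spring Boot version in use; `management.tracing.enabled: false` states the intent directly.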
@@ -7,79 +7,44 @@ # configured for the Meldestelle application. # ============================================================================= -set -e - -# Colors for output -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -BLUE='\033[0;34m' -NC='\033[0m' # No Color - -# Counters -ERRORS=0 -WARNINGS=0 -CHECKS=0 - -echo -e "${BLUE}==============================================================================${NC}" -echo -e "${BLUE}Meldestelle - Environment Variables Validation${NC}" -echo -e "${BLUE}==============================================================================${NC}" -echo - -# Function to print status -print_status() { - local status=$1 - local message=$2 - - case $status in - "OK") - echo -e "${GREEN}✓${NC} $message" - ;; - "WARNING") - echo -e "${YELLOW}⚠${NC} $message" - ((WARNINGS++)) - ;; - "ERROR") - echo -e "${RED}✗${NC} $message" - ((ERRORS++)) - ;; - "INFO") - echo -e "${BLUE}ℹ${NC} $message" - ;; - esac - ((CHECKS++)) +# Load common utilities +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +# shellcheck source=../utils/common.sh +source "$SCRIPT_DIR/../utils/common.sh" || { + echo "Error: Could not load common utilities from $SCRIPT_DIR/../utils/common.sh" + exit 1 } +log_section "Meldestelle - Environment Variables Validation" + # Check if .env file exists -echo -e "${BLUE}1. Checking .env file...${NC}" +log_info "1. Checking .env file..." if [ -f ".env" ]; then - print_status "OK" ".env file exists" + log_success ".env file exists" # Load .env file set -a source .env set +a - print_status "OK" ".env file loaded successfully" + log_success ".env file loaded successfully" else - print_status "ERROR" ".env file not found" - echo -e "${RED}Please create a .env file based on the documentation.${NC}" + log_error ".env file not found" + log_error "Please create a .env file based on the documentation." exit 1 fi -echo # Check if docker-compose.yml exists -echo -e "${BLUE}2. 
Checking docker-compose.yml file...${NC}" +log_info "2. Checking docker-compose.yml file..." if [ -f "docker-compose.yml" ]; then print_status "OK" "docker-compose.yml file exists" else - print_status "ERROR" "docker-compose.yml file not found" + log_error "docker-compose.yml file not found" exit 1 fi -echo # Define required environment variables -echo -e "${BLUE}3. Checking required environment variables...${NC}" +log_info "3. Checking required environment variables..." # Application Configuration check_var() { @@ -89,11 +54,11 @@ check_var() { local description=$3 if [ -n "$var_value" ]; then - print_status "OK" "$var_name is set: '$var_value'" + log_success "$var_name is set: '$var_value'" elif [ "$is_required" = true ]; then - print_status "ERROR" "$var_name is required but not set ($description)" + log_error "$var_name is required but not set ($description)" else - print_status "WARNING" "$var_name is not set ($description)" + log_warning "$var_name is not set ($description)" fi } diff --git a/temp/README_TEMP.md b/temp/README_TEMP.md deleted file mode 100644 index 9a09cabc..00000000 --- a/temp/README_TEMP.md +++ /dev/null 
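Review bot: The `docker-compose.yml` check still calls `print_status "OK" "docker-compose.yml file exists"`, but this hunk deletes the `print_status` function, so unless `common.sh` defines it the line fails with "command not found"; it should read `log_success "docker-compose.yml file exists"`. The hunk also removes `set -e` without a replacement, so that failure and any later one no longer stops the script, and a broken validation run can still exit 0. Unless `common.sh` sets shell options itself (not visible here), I would restore `set -e` after the header comment. The script continues to `source .env`, which this commit turns into a symlink, so whatever file the link points to is executed as shell code and should be readable and writable only by the deploying user.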
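Review bot: `log_success "$var_name is set: '$var_value'"` prints the value of every variable that passes the check, so passwords, tokens and keys loaded from `.env` end up in the terminal and in CI logs. Report presence without the value, `log_success "$var_name is set"`, or a masked form such as `log_success "$var_name is set (${#var_value} chars)"`. The commit carries this behaviour over from the old `print_status` line rather than introducing it. `check_var` starts before this hunk and its callers are outside it, so which of the checked variables are secrets is not visible here.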
@@ -1,355 +0,0 @@ -# Ping Service - Circuit Breaker Demo - -## ⚠️ Wichtiger Hinweis - -Dieses Modul (`:temp:ping-service`) ist ein **temporärer Service** ausschließlich für Testzwecke. Seine Aufgabe ist die Validierung der technischen Infrastruktur im Rahmen des **"Tracer Bullet"-Szenarios** und die Demonstration von **Circuit Breaker Patterns**. - -Nachdem der End-to-End-Test erfolgreich war, sollte dieses Modul in der `settings.gradle.kts` wieder deaktiviert oder vollständig entfernt werden. - -## 📋 Inhaltsverzeichnis - -- [Überblick](#überblick) -- [Architektur & Features](#architektur--features) -- [API Endpoints](#api-endpoints) -- [Konfiguration](#konfiguration) -- [Lokale Entwicklung](#lokale-entwicklung) -- [Docker Deployment](#docker-deployment) -- [Testing](#testing) -- [Monitoring & Health Checks](#monitoring--health-checks) -- [Troubleshooting](#troubleshooting) - -## 🎯 Überblick - -Der `ping-service` ist ein Spring Boot Microservice, der die grundlegende Service-Architektur und moderne Resilience Patterns demonstriert: - -- **Circuit Breaker Pattern** mit Resilience4j -- **Service Discovery** mit Spring Cloud Consul -- **Health Checks** und **Monitoring** mit Spring Boot Actuator -- **Containerisierte Deployment** mit optimiertem Docker Setup -- **Comprehensive Testing** mit Integration- und Unit-Tests - -## 🏗️ Architektur & Features - -### Technology Stack -- **Spring Boot 3.2.5** - Modern Java/Kotlin web framework -- **Kotlin** - Primary programming language -- **Resilience4j** - Circuit breaker and fault tolerance -- **Spring Cloud Consul** - Service discovery and configuration -- **Micrometer + Prometheus** - Metrics collection -- **Docker** - Containerization with multi-stage builds - -### Circuit Breaker Configuration -Der Service verwendet Resilience4j Circuit Breaker mit folgenden Einstellungen: -- **Failure Rate Threshold**: 60% (Circuit öffnet bei 60% Fehlern) -- **Minimum Calls**: 4 (Mindestanzahl Calls für Berechnung) -- **Wait Duration**: 
5s (Wartezeit im OPEN Status) -- **Half-Open Calls**: 3 (Anzahl Calls im HALF_OPEN Status) - -## 🚀 API Endpoints - -### 1. Standard Ping Endpoint -```http -GET /ping -``` -**Beschreibung**: Einfacher Ping ohne Circuit Breaker -**Response**: -```json -{ - "status": "pong" -} -``` - -### 2. Enhanced Ping mit Circuit Breaker -```http -GET /ping/enhanced?simulate=false -``` -**Beschreibung**: Ping mit Circuit Breaker Schutz -**Query Parameter**: -- `simulate` (optional): `true` für Failure-Simulation - -**Success Response**: -```json -{ - "status": "pong", - "timestamp": "2025-08-14 12:26:30", - "service": "ping-service", - "circuitBreaker": "CLOSED" -} -``` - -**Fallback Response** (Circuit Breaker OPEN): -```json -{ - "status": "fallback", - "message": "Service temporarily unavailable", - "timestamp": "2025-08-14 12:26:30", - "service": "ping-service-fallback", - "circuitBreaker": "OPEN", - "error": "Simulated service failure" -} -``` - -### 3. Health Check Endpoint -```http -GET /ping/health -``` -**Beschreibung**: Health Check mit Circuit Breaker Status - -**Response**: -```json -{ - "status": "UP", - "timestamp": "2025-08-14 12:26:30", - "circuitBreaker": "CLOSED" -} -``` - -### 4. 
Test Failure Endpoint -```http -GET /ping/test-failure -``` -**Beschreibung**: Endpoint zum Testen der Circuit Breaker Funktionalität (60% Failure Rate) - -## ⚙️ Konfiguration - -### Application Configuration (`application.yml`) -```yaml -spring: - application: - name: ping-service - cloud: - consul: - host: localhost - port: 8500 - discovery: - register: true - health-check-path: /actuator/health - health-check-interval: 10s - -server: - port: 8082 - -management: - endpoints: - web: - exposure: - include: health,info,circuitbreakers - endpoint: - health: - show-details: always - -resilience4j: - circuitbreaker: - instances: - pingCircuitBreaker: - failure-rate-threshold: 60 - minimum-number-of-calls: 4 - wait-duration-in-open-state: 5s - permitted-number-of-calls-in-half-open-state: 3 -``` - -### Environment Variables -- `SPRING_PROFILES_ACTIVE`: Aktives Spring Profil (default: `default`) -- `DEBUG`: Enable Debug-Modus (`true`/`false`, Debug Port: 5005) -- `SERVER_PORT`: Server Port (default: `8082`) - -## 💻 Lokale Entwicklung - -### Prerequisites -- Java 21+ -- Docker (optional) -- Consul (für Service Discovery) - -### Service starten -```bash -# Standard Start -./gradlew :temp:ping-service:bootRun - -# Mit spezifischem Profil -./gradlew :temp:ping-service:bootRun -Pspring.profiles.active=dev - -# Build JAR -./gradlew :temp:ping-service:bootJar -``` - -### Service testen -```bash -# Standard Ping -curl http://localhost:8082/ping - -# Enhanced Ping -curl http://localhost:8082/ping/enhanced - -# Health Check -curl http://localhost:8082/ping/health - -# Circuit Breaker mit Simulation -curl "http://localhost:8082/ping/enhanced?simulate=true" - -# Failure Test -curl http://localhost:8082/ping/test-failure -``` - -## 🐳 Docker Deployment - -### Build Docker Image -```bash -# Von der Projekt-Root ausführen -docker build -t ping-service:latest -f temp/ping-service/Dockerfile . 
-``` - -### Run Container -```bash -# Standard Mode -docker run -p 8082:8082 ping-service:latest - -# Debug Mode -docker run -p 8082:8082 -p 5005:5005 -e DEBUG=true ping-service:latest - -# Mit Environment Variables -docker run -p 8082:8082 \ - -e SPRING_PROFILES_ACTIVE=prod \ - -e LOGGING_LEVEL_ROOT=WARN \ - ping-service:latest -``` - -### Docker Features -- **Multi-stage Build** für optimale Image-Größe -- **Non-root User** für bessere Sicherheit -- **Health Checks** integriert -- **JVM Optimierungen** für Container-Umgebung -- **Debug Support** über Environment Variables - -## 🧪 Testing - -### Unit Tests ausführen -```bash -./gradlew :temp:ping-service:test -``` - -### Integration Tests -```bash -./gradlew :temp:ping-service:integrationTest -``` - -### Test Coverage -Der Service enthält umfassende Tests für: -- **Controller Tests**: API Endpoint Validierung -- **Circuit Breaker Tests**: Resilience4j Integration -- **Integration Tests**: End-to-End Scenarios -- **Health Check Tests**: Actuator Endpoint Validation - -### Test Klassen -- `PingControllerTest`: Controller Unit Tests -- `PingControllerIntegrationTest`: Full Spring Context Tests -- `PingServiceCircuitBreakerTest`: Circuit Breaker Logic Tests - -## 📊 Monitoring & Health Checks - -### Actuator Endpoints -- **Health**: `GET /actuator/health` -- **Health Readiness**: `GET /actuator/health/readiness` -- **Health Liveness**: `GET /actuator/health/liveness` -- **Info**: `GET /actuator/info` -- **Circuit Breakers**: `GET /actuator/circuitbreakers` -- **Metrics**: `GET /actuator/metrics` -- **Prometheus**: `GET /actuator/prometheus` - -### Circuit Breaker Monitoring -```bash -# Circuit Breaker Status -curl http://localhost:8082/actuator/circuitbreakers - -# Metrics -curl http://localhost:8082/actuator/metrics/resilience4j.circuitbreaker.calls - -# Prometheus Format -curl http://localhost:8082/actuator/prometheus | grep circuit -``` - -### Service Discovery -Bei aktiviertem Consul wird der Service automatisch 
registriert: -- **Service Name**: `ping-service` -- **Health Check**: `/actuator/health` -- **Check Interval**: 10 Sekunden - -## 🔧 Troubleshooting - -### Häufige Probleme - -#### 1. Service startet nicht (Port bereits belegt) -```bash -# Port prüfen -netstat -tlnp | grep 8082 - -# Alternativen Port verwenden -SERVER_PORT=8083 ./gradlew :temp:ping-service:bootRun -``` - -#### 2. Circuit Breaker öffnet nicht -- Mindestens 4 Calls erforderlich (siehe `minimum-number-of-calls`) -- 60% Failure Rate erforderlich -- Verwende `/ping/test-failure` für Tests - -#### 3. Consul Connection Failed -```bash -# Consul Status prüfen -consul agent -dev - -# Oder Service ohne Consul starten -spring.cloud.consul.discovery.enabled=false -``` - -#### 4. Docker Build Fails -```bash -# Build Context prüfen - muss von Projekt-Root ausgeführt werden -docker build -t ping-service:test -f temp/ping-service/Dockerfile . - -# Nicht von temp/ping-service/ ausführen! -``` - -### Debug Mode -```bash -# Debug Mode aktivieren -DEBUG=true ./gradlew :temp:ping-service:bootRun - -# Debug Port: 5005 -``` - -### Logs -```bash -# Alle Logs -docker logs - -# Circuit Breaker Logs -docker logs 2>&1 | grep -i circuit - -# Health Check Logs -docker logs 2>&1 | grep -i health -``` - -## 📝 Entwicklungsnotizen - -### Warum Circuit Breaker? 
-Der Circuit Breaker Pattern verhindert: -- **Cascade Failures**: Verhindert Ausfall-Kaskaden -- **Resource Exhaustion**: Schont Ressourcen bei Service-Problemen -- **Fast Failure**: Schnelle Fehlerrückmeldung statt lange Timeouts - -### Fallback Strategy -Bei OPEN Circuit Breaker: -- Sofortige Fallback-Response (keine Latenz) -- Informative Fehlermeldungen -- Status-Informationen für Debugging - -### Production Readiness -- Health Checks für Kubernetes/Docker -- Prometheus Metriken für Monitoring -- Non-root Container für Sicherheit -- Optimierte JVM Settings für Container - ---- - -**Letzte Aktualisierung**: 2025-08-14 -**Version**: 1.0.0 -**Maintainer**: Meldestelle Development Team diff --git a/test-dockerfile.sh b/test-dockerfile.sh deleted file mode 100755 index c6141c2b..00000000 --- a/test-dockerfile.sh +++ /dev/null 
@@ -1,163 +0,0 @@ -#!/bin/bash - -# Test script to validate the kotlin-multiplatform-web.Dockerfile template -# - Robust pre-checks (Docker, buildx, file existence) -# - Safer bash settings, clear diagnostics -# - Uses ephemeral ports for container run test (avoids conflicts) -# - Cleans up containers/images even on failure - -set -Eeuo pipefail - -DOCKERFILE_PATH="dockerfiles/templates/kotlin-multiplatform-web.Dockerfile" -SCRIPT_NAME="$(basename "$0")" - -# Unique suffix to avoid tag/container collisions -RAND_SUFFIX=$(date +%s)-$RANDOM -IMAGE_DEFAULT="test-kotlin-web:default-${RAND_SUFFIX}" -IMAGE_CUSTOM="test-kotlin-web:custom-${RAND_SUFFIX}" -CONTAINER_NAME="test-container-${RAND_SUFFIX}" - -cleanup() { - echo "[cleanup] Stopping/removing test resources (if any)..." || true - docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true - docker rmi "$IMAGE_DEFAULT" "$IMAGE_CUSTOM" >/dev/null 2>&1 || true -} -trap cleanup EXIT - -info() { echo "[INFO] $*"; } -success(){ echo "[ OK ] $*"; } -warn() { echo "[WARN] $*"; } -fail() { echo "[FAIL] $*"; exit 1; } - -info "Testing Kotlin Multiplatform Web Dockerfile Template" -echo "=======================================================" - -# ------------------------------------------------------------------- -# 0. Pre-checks -# ------------------------------------------------------------------- -command -v docker >/dev/null 2>&1 || fail "Docker is not installed or not in PATH" -if ! docker info >/dev/null 2>&1; then - fail "Docker does not seem to be running or accessible for the current user" -fi - -if [ ! -f "$DOCKERFILE_PATH" ]; then - fail "Dockerfile not found at: $DOCKERFILE_PATH" -fi - -HAS_BUILDX=1 -if ! docker buildx version >/dev/null 2>&1; then - HAS_BUILDX=0 - warn "docker buildx not available; skipping buildx-specific syntax check" -fi - -# ------------------------------------------------------------------- -# 1. 
Static checks on Dockerfile structure -# ------------------------------------------------------------------- -info "1) Validating Dockerfile structure and ARG definitions" - -# Required ARG variables must be defined (somewhere in the file) -if grep -q "^ARG CLIENT_PATH=" "$DOCKERFILE_PATH" \ - && grep -q "^ARG CLIENT_MODULE=" "$DOCKERFILE_PATH" \ - && grep -q "^ARG CLIENT_NAME=" "$DOCKERFILE_PATH"; then - success "Required ARG declarations found" -else - fail "Missing required ARG declarations (CLIENT_PATH, CLIENT_MODULE, CLIENT_NAME)" -fi - -# Ensure expected stages are present -if grep -qiE "^FROM .* as kotlin-builder" "$DOCKERFILE_PATH" && \ - grep -qiE "^FROM .* as runtime" "$DOCKERFILE_PATH"; then - success "Build stages 'kotlin-builder' and 'runtime' found" -else - fail "Expected stages 'kotlin-builder' and/or 'runtime' not found" -fi - -# Verify that ARGs are re-declared in both stages (search within ~40 lines after each stage marker) -kotlin_builder_args=$(grep -n "^FROM .* [Aa][Ss] kotlin-builder" "$DOCKERFILE_PATH" | cut -d: -f1 | xargs -I{} sh -c "sed -n '{}','{}+40p' '$DOCKERFILE_PATH' | grep -c '^ARG'" || echo 0) -runtime_args=$(grep -n "^FROM .* [Aa][Ss] runtime" "$DOCKERFILE_PATH" | cut -d: -f1 | xargs -I{} sh -c "sed -n '{}','{}+40p' '$DOCKERFILE_PATH' | grep -c '^ARG'" || echo 0) -if [ "${kotlin_builder_args:-0}" -ge 3 ] && [ "${runtime_args:-0}" -ge 3 ]; then - success "ARG declarations appear in both build stages" -else - fail "ARG declarations appear to be missing in one or both build stages" -fi - -# Optional: attempt a lightweight parsing via buildx (does not necessarily run heavy build) -if [ "$HAS_BUILDX" -eq 1 ]; then - info "Performing basic Dockerfile parsing with buildx (no image kept)" - # Try to parse/resolve without caching; don't fail the whole flow on noisy build output - if docker buildx build --no-cache -f "$DOCKERFILE_PATH" --platform linux/amd64 . 
\ - 2>&1 | head -50 | grep -q "ERROR.*failed to solve"; then - fail "Dockerfile has parsing errors (buildx failed to solve)" - else - success "Dockerfile basic parsing passed" - fi -else - warn "Skipping buildx parsing check" -fi - -# ------------------------------------------------------------------- -# 2. Build with default arguments (web-app) -# ------------------------------------------------------------------- -info "2) Building image with default arguments (web-app)" -if docker build --no-cache -f "$DOCKERFILE_PATH" -t "$IMAGE_DEFAULT" .; then - success "Build with default arguments successful" -else - fail "Build with default arguments failed" -fi - -# ------------------------------------------------------------------- -# 3. Build with custom arguments (desktop-app scenario) -# ------------------------------------------------------------------- -info "3) Building image with custom arguments (desktop-app scenario)" -if docker build --no-cache -f "$DOCKERFILE_PATH" \ - --build-arg CLIENT_PATH=client/desktop-app \ - --build-arg CLIENT_MODULE=client:desktop-app \ - --build-arg CLIENT_NAME=desktop-app \ - -t "$IMAGE_CUSTOM" .; then - success "Build with custom arguments successful" -else - warn "Build with custom arguments failed (this can be expected if desktop-app lacks proper assets/nginx.conf)" -fi - -# ------------------------------------------------------------------- -# 4. 
Run container and validate it responds over HTTP -# ------------------------------------------------------------------- -info "4) Running container from default image and validating HTTP response" -# -P maps service ports to random host ports; then detect the mapped port -if docker run --rm -d --name "$CONTAINER_NAME" -P "$IMAGE_DEFAULT" >/dev/null; then - # Determine mapped host port for container port 80 - sleep 3 - HOST_PORT=$(docker port "$CONTAINER_NAME" 80/tcp | sed -E 's/.*:(\d+)/\1/' | head -n1 || true) - if [ -z "${HOST_PORT:-}" ]; then - docker logs "$CONTAINER_NAME" || true - fail "Could not determine mapped host port for container" - fi - # Try a few times to allow nginx to start - for i in {1..10}; do - if curl -fsS "http://127.0.0.1:${HOST_PORT}" >/dev/null 2>&1; then - success "Container responded over HTTP on localhost:${HOST_PORT}" - break - fi - sleep 1 - done - # Final check (if not succeeded yet) - if ! curl -fsS "http://127.0.0.1:${HOST_PORT}" >/dev/null 2>&1; then - docker logs "$CONTAINER_NAME" || true - fail "Container started but did not respond on HTTP port" - fi -else - fail "Container failed to start" -fi - -# ------------------------------------------------------------------- -# 5. Done (cleanup happens via trap) -# ------------------------------------------------------------------- -echo "" -echo "=======================================================" -success "All tests completed successfully. The Dockerfile template looks healthy." -echo "Highlights:" -echo " - Verified presence of required ARGs and stages" -echo " - Performed basic parsing (when buildx available)" -echo " - Built images (default + custom args)" -echo " - Validated container HTTP responsiveness via ephemeral port" -echo "=======================================================" diff --git a/test_ping_fix.sh b/test_ping_fix.sh deleted file mode 100755 index c8d5d2ce..00000000 --- a/test_ping_fix.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash - -echo "Testing ping service fix..." -echo "==========================" - -echo "1. Checking if services are running..." -echo "Consul:" -curl -s http://localhost:8500/v1/health/state/passing | jq -r '.[] | select(.ServiceName=="ping-service") | "Service: " + .ServiceName + ", Status: " + .Status' - -echo "" -echo "Ping service health:" -curl -s http://localhost:8082/actuator/health | jq '.status' - -echo "" -echo "2. Testing gateway ping endpoint..." -echo "GET http://localhost:8081/api/ping" -response=$(curl -s -w "\nHTTP_CODE:%{http_code}" http://localhost:8081/api/ping) -echo "$response" - -echo "" -echo "3. Testing gateway actuator health..." -curl -s http://localhost:8081/actuator/health | jq '.status' diff --git a/test_port_configuration.sh b/test_port_configuration.sh deleted file mode 100755 index 8e7f3297..00000000 --- a/test_port_configuration.sh +++ /dev/null 
@@ -1,135 +0,0 @@ -#!/bin/bash - -# ============================================================================= -# Port Configuration Test Script -# ============================================================================= -# This script verifies that the centralized port management is working correctly -# and that the original port conflicts have been resolved. -# ============================================================================= - -set -e - -echo "🔍 Testing Port Configuration Changes..." -echo "========================================" -echo - -# Load environment variables from .env file -if [ -f ".env" ]; then - echo "📝 Loading .env file..." - source .env - echo "✅ .env file loaded successfully" -else - echo "❌ .env file not found!" - exit 1 -fi - -echo -echo "🔧 Current Port Configuration:" -echo "------------------------------" -echo "Gateway Port: ${GATEWAY_PORT:-8081}" -echo "Ping Service Port: ${PING_SERVICE_PORT:-8082}" -echo "Consul Port: ${CONSUL_PORT:-8500}" -echo "Redis Port: ${REDIS_PORT:-6379}" -echo - -# Test 1: Check that Gateway and Ping Service have different ports -echo "🧪 Test 1: Port Conflict Resolution" -echo "-----------------------------------" -GATEWAY_TEST_PORT=${GATEWAY_PORT:-8081} -PING_TEST_PORT=${PING_SERVICE_PORT:-8082} - -if [ "$GATEWAY_TEST_PORT" -ne "$PING_TEST_PORT" ]; then - echo "✅ PASS: Gateway ($GATEWAY_TEST_PORT) and Ping Service ($PING_TEST_PORT) have different ports" -else - echo "❌ FAIL: Gateway and Ping Service still have the same port!" 
- exit 1 -fi - -# Test 2: Verify all services have unique ports -echo -echo "🧪 Test 2: All Services Have Unique Ports" -echo "------------------------------------------" -ALL_PORTS=("$GATEWAY_TEST_PORT" "$PING_TEST_PORT" "${CONSUL_PORT:-8500}" "${REDIS_PORT:-6379}") -UNIQUE_PORTS=() -while IFS= read -r line; do - UNIQUE_PORTS+=("$line") -done < <(printf "%s\n" "${ALL_PORTS[@]}" | sort -u) - -if [ ${#ALL_PORTS[@]} -eq ${#UNIQUE_PORTS[@]} ]; then - echo "✅ PASS: All services have unique ports" - echo " Gateway: $GATEWAY_TEST_PORT" - echo " Ping Service: $PING_TEST_PORT" - echo " Consul: ${CONSUL_PORT:-8500}" - echo " Redis: ${REDIS_PORT:-6379}" -else - echo "❌ FAIL: Port conflicts detected!" - echo " All ports: ${ALL_PORTS[*]}" - echo " Unique ports: ${UNIQUE_PORTS[*]}" - exit 1 -fi - -# Test 3: Check docker-compose environment variable substitution -echo -echo "🧪 Test 3: Docker Compose Configuration" -echo "---------------------------------------" -if grep -q "\${GATEWAY_PORT:-8081}" docker-compose.yml; then - echo "✅ PASS: docker-compose.yml uses GATEWAY_PORT environment variable" -else - echo "❌ FAIL: docker-compose.yml doesn't use GATEWAY_PORT environment variable" - exit 1 -fi - -if grep -q "\${CONSUL_PORT:-8500}" docker-compose.yml; then - echo "✅ PASS: docker-compose.yml uses CONSUL_PORT environment variable" -else - echo "❌ FAIL: docker-compose.yml doesn't use CONSUL_PORT environment variable" - exit 1 -fi - -# Test 4: Check application.yml files use environment variables -echo -echo "🧪 Test 4: Application Configuration" -echo "-----------------------------------" -if grep -q "\${GATEWAY_PORT:8081}" infrastructure/gateway/src/main/resources/application.yml; then - echo "✅ PASS: Gateway application.yml uses GATEWAY_PORT environment variable" -else - echo "❌ FAIL: Gateway application.yml doesn't use GATEWAY_PORT environment variable" - exit 1 -fi - -if grep -q "\${PING_SERVICE_PORT:8082}" temp/ping-service/src/main/resources/application.yml; then - echo "✅ 
PASS: Ping Service application.yml uses PING_SERVICE_PORT environment variable" -else - echo "❌ FAIL: Ping Service application.yml doesn't use PING_SERVICE_PORT environment variable" - exit 1 -fi - -# Test 5: Check gradle.properties has port management -echo -echo "🧪 Test 5: Gradle Properties Configuration" -echo "------------------------------------------" -if grep -q "infrastructure.gateway.port=8081" gradle.properties; then - echo "✅ PASS: gradle.properties contains gateway port configuration" -else - echo "❌ FAIL: gradle.properties missing gateway port configuration" - exit 1 -fi - -if grep -q "services.port.ping=8082" gradle.properties; then - echo "✅ PASS: gradle.properties contains ping service port configuration" -else - echo "❌ FAIL: gradle.properties missing ping service port configuration" - exit 1 -fi - -echo -echo "🎉 All Tests Passed!" -echo "===================" -echo "✅ Port conflicts have been successfully resolved" -echo "✅ Centralized port management is properly implemented" -echo "✅ Gateway will use port $GATEWAY_TEST_PORT" -echo "✅ Ping Service will use port $PING_TEST_PORT" -echo "✅ All infrastructure services have unique ports" -echo "✅ Configuration follows single source of truth principle" -echo -echo "🚀 The implementation meets all requirements from the issue description!"