ein wenig aufgeräumt

This commit is contained in:
stefan
2025-09-06 13:35:32 +02:00
parent dac0c691c8
commit 2dc6a06990
41 changed files with 1872 additions and 3153 deletions
+163
@@ -0,0 +1,163 @@
# =============================================================================
# Meldestelle - Development Environment Configuration
# =============================================================================
# Development-specific environment variables
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=development
APP_HOST=0.0.0.0
# Development-specific settings
DEBUG_MODE=true
DEV_HOT_RELOAD=true
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=localhost
DB_PORT=5432
DB_NAME=meldestelle
DB_USER=meldestelle
DB_PASSWORD=meldestelle
DB_MAX_POOL_SIZE=10
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
POSTGRES_USER=meldestelle
POSTGRES_PASSWORD=meldestelle
POSTGRES_DB=meldestelle
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
REDIS_EVENT_STORE_READ_TIMEOUT=2000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=8
REDIS_EVENT_STORE_MIN_POOL_SIZE=2
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
JWT_ISSUER=meldestelle-api
JWT_AUDIENCE=meldestelle-clients
JWT_REALM=meldestelle
API_KEY=meldestelle-api-key-for-development
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=meldestelle
KC_DB_PASSWORD=meldestelle
KC_HOSTNAME=auth.meldestelle.local
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=admin
METRICS_AUTH_PASSWORD=metrics
GRAFANA_HOSTNAME=grafana.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=100
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=dev
GATEWAY_ADMIN_USER=admin
GATEWAY_ADMIN_PASSWORD=admin
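Review bot: The development file mixes host-side and container-side addressing: `DB_HOST=localhost`, `REDIS_EVENT_STORE_HOST=localhost` and the `PLAINTEXT_HOST://localhost:9092` listener assume the services are reached from the host, while `KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak` and `CONSUL_HOST=consul` are compose service names that only resolve inside the Docker network. Whether that split is intentional (JVM on the host, Keycloak and Consul in containers) cannot be told from the file, so a one-line comment above section 3 such as `# localhost = reached from the host JVM; postgres/consul = Docker-internal names used only by containers` would record the assumption. Keycloak also reuses the application database account here (`KC_DB_USERNAME=meldestelle`, `KC_DB_PASSWORD=meldestelle`) while staging and production give it a dedicated `keycloak_*` user, so the least-privilege separation is first exercised outside development; if that is deliberate it deserves a comment next to `KC_DB_USERNAME`.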
+164
@@ -0,0 +1,164 @@
# =============================================================================
# Meldestelle - Production Environment Configuration
# =============================================================================
# Production-specific environment variables
# IMPORTANT: Change all CHANGE_ME values before deployment!
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=production
APP_HOST=0.0.0.0
# Production settings
DEBUG_MODE=false
DEV_HOT_RELOAD=false
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=postgres
DB_PORT=5432
DB_NAME=meldestelle_prod
DB_USER=meldestelle_prod
DB_PASSWORD=CHANGE_ME_STRONG_DB_PASSWORD_HERE
DB_MAX_POOL_SIZE=20
DB_MIN_POOL_SIZE=10
DB_AUTO_MIGRATE=false
POSTGRES_USER=meldestelle_prod
POSTGRES_PASSWORD=CHANGE_ME_STRONG_DB_PASSWORD_HERE
POSTGRES_DB=meldestelle_prod
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=redis
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=5000
REDIS_EVENT_STORE_READ_TIMEOUT=5000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=20
REDIS_EVENT_STORE_MIN_POOL_SIZE=5
REDIS_CACHE_HOST=redis
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=CHANGE_ME_STRONG_JWT_SECRET_AT_LEAST_256_BITS_HERE
JWT_ISSUER=meldestelle-api-prod
JWT_AUDIENCE=meldestelle-clients-prod
JWT_REALM=meldestelle-prod
API_KEY=CHANGE_ME_STRONG_API_KEY_HERE
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=CHANGE_ME_ADMIN_USERNAME
KEYCLOAK_ADMIN_PASSWORD=CHANGE_ME_STRONG_ADMIN_PASSWORD_HERE
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak_prod
KC_DB_USERNAME=keycloak_prod
KC_DB_PASSWORD=CHANGE_ME_STRONG_KEYCLOAK_DB_PASSWORD_HERE
KC_HOSTNAME=auth.yourdomain.com
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=30
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=CHANGE_ME_GRAFANA_ADMIN_USERNAME
GF_SECURITY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GRAFANA_PASSWORD_HERE
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=CHANGE_ME_METRICS_USERNAME
METRICS_AUTH_PASSWORD=CHANGE_ME_STRONG_METRICS_PASSWORD_HERE
GRAFANA_HOSTNAME=monitoring.yourdomain.com
PROMETHEUS_HOSTNAME=metrics.yourdomain.com
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=INFO
LOGGING_REQUESTS=false
LOGGING_RESPONSES=false
LOGGING_REQUEST_HEADERS=false
LOGGING_REQUEST_BODY=false
LOGGING_RESPONSE_HEADERS=false
LOGGING_RESPONSE_BODY=false
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=1000
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=prod
GATEWAY_ADMIN_USER=CHANGE_ME_GATEWAY_ADMIN_USERNAME
GATEWAY_ADMIN_PASSWORD=CHANGE_ME_STRONG_GATEWAY_ADMIN_PASSWORD_HERE
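Review bot: Every `CHANGE_ME_*` placeholder in this file is a syntactically valid credential, so a deployment that overlooks one — for example `JWT_SECRET=CHANGE_ME_STRONG_JWT_SECRET_AT_LEAST_256_BITS_HERE` — starts normally and signs tokens with a string that is public in this repository. Nothing in the file shows that the services reject such values at startup, so until that is confirmed the header warning on the `# IMPORTANT:` line should state it plainly, e.g. `# Services do not validate these placeholders; a deployment must fail if any value still starts with CHANGE_ME`. The Kafka block is also copied unchanged from the development file: `KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092` together with `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT` means unauthenticated, unencrypted broker traffic in production, which at least needs a comment saying that is accepted if it is.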
+163
@@ -0,0 +1,163 @@
# =============================================================================
# Meldestelle - Staging Environment Configuration
# =============================================================================
# Staging-specific environment variables (production-like but for testing)
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=staging
APP_HOST=0.0.0.0
# Staging settings (production-like but with some debugging)
DEBUG_MODE=false
DEV_HOT_RELOAD=false
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastructure Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=postgres
DB_PORT=5432
DB_NAME=meldestelle_staging
DB_USER=meldestelle_staging
DB_PASSWORD=staging_password_change_me
DB_MAX_POOL_SIZE=15
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
POSTGRES_USER=meldestelle_staging
POSTGRES_PASSWORD=staging_password_change_me
POSTGRES_DB=meldestelle_staging
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=redis
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=staging_redis_password
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=3000
REDIS_EVENT_STORE_READ_TIMEOUT=3000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=15
REDIS_EVENT_STORE_MIN_POOL_SIZE=3
REDIS_CACHE_HOST=redis
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=staging_redis_password
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=staging_redis_password
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=staging-jwt-secret-key-not-for-production-use
JWT_ISSUER=meldestelle-api-staging
JWT_AUDIENCE=meldestelle-clients-staging
JWT_REALM=meldestelle-staging
API_KEY=staging-api-key-change-me
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=staging_admin
KEYCLOAK_ADMIN_PASSWORD=staging_admin_password
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak_staging
KC_DB_USERNAME=keycloak_staging
KC_DB_PASSWORD=staging_keycloak_password
KC_HOSTNAME=auth-staging.meldestelle.local
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=15
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=staging_admin
GF_SECURITY_ADMIN_PASSWORD=staging_grafana_password
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=staging_metrics
METRICS_AUTH_PASSWORD=staging_metrics_password
GRAFANA_HOSTNAME=grafana-staging.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus-staging.meldestelle.local
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=INFO
LOGGING_REQUESTS=true
LOGGING_RESPONSES=false
LOGGING_REQUEST_HEADERS=false
LOGGING_REQUEST_BODY=false
LOGGING_RESPONSE_HEADERS=false
LOGGING_RESPONSE_BODY=false
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=https://staging.meldestelle.local,https://app-staging.meldestelle.local
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=500
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=staging
GATEWAY_ADMIN_USER=staging_gateway_admin
GATEWAY_ADMIN_PASSWORD=staging_gateway_password
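Review bot: Unlike the production file, the staging secrets here are plain committed values rather than placeholders — `DB_PASSWORD=staging_password_change_me`, `REDIS_PASSWORD=staging_redis_password`, `KC_DB_PASSWORD=staging_keycloak_password`, `JWT_SECRET=staging-jwt-secret-key-not-for-production-use` — and the README added in this commit describes staging as production-like with its own `*-staging.meldestelle.local` hostnames. Anything deployed from the file as committed runs with credentials readable in the repository, and only one of them carries a `change_me` hint. Using the same `CHANGE_ME_*` convention as `.env.prod` for every secret in this file (or leaving them empty) would make an unreplaced value obvious in review; at minimum the header comment should say these values must be replaced before the environment is reachable on a network.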
+178
@@ -0,0 +1,178 @@
# =============================================================================
# Meldestelle - Umgebungsvariablen Vorlage
# =============================================================================
# Dies ist die SINGLE SOURCE OF TRUTH für alle Umgebungsvariablen.
# Kopieren Sie zu .env.dev, .env.prod, .env.staging oder .env.test und anpassen.
#
# ⚠️ SICHERHEITSWARNUNG:
# - Niemals Produktions-Secrets in die Versionskontrolle committen
# - JWT_SECRET in der Produktion ändern
# - Starke Passwörter für Produktionsumgebungen verwenden
# - API-Schlüssel regelmäßig rotieren
# =============================================================================
# =============================================================================
# 1. ANWENDUNGSKONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=development
APP_HOST=0.0.0.0
# Entwicklungsspezifische Einstellungen
DEBUG_MODE=true
DEV_HOT_RELOAD=true
# =============================================================================
# 2. PORT-VERWALTUNG - SINGLE SOURCE OF TRUTH
# =============================================================================
# Gateway Ports
GATEWAY_PORT=8081
GATEWAY_ADMIN_PORT=8080
# Service Ports (eindeutige Zuteilung)
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
# Infrastruktur Ports
CONSUL_PORT=8500
REDIS_PORT=6379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# =============================================================================
# 3. DATENBANK-KONFIGURATION (PostgreSQL)
# =============================================================================
# Anwendungs-Datenbankeinstellungen
DB_HOST=localhost
DB_PORT=5432
DB_NAME=meldestelle
DB_USER=meldestelle
DB_PASSWORD=meldestelle
DB_MAX_POOL_SIZE=10
DB_MIN_POOL_SIZE=5
DB_AUTO_MIGRATE=true
# Docker PostgreSQL Container-Einstellungen
POSTGRES_USER=meldestelle
POSTGRES_PASSWORD=meldestelle
POSTGRES_DB=meldestelle
POSTGRES_EXTERNAL_PORT=5432
# =============================================================================
# 4. REDIS-KONFIGURATION
# =============================================================================
# Event Store Konfiguration
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=6379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=2000
REDIS_EVENT_STORE_READ_TIMEOUT=2000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=8
REDIS_EVENT_STORE_MIN_POOL_SIZE=2
# Cache-Konfiguration
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=6379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
# Redis Docker-Einstellungen
REDIS_EXTERNAL_PORT=6379
REDIS_PASSWORD=
# =============================================================================
# 5. SICHERHEITSKONFIGURATION
# =============================================================================
JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production
JWT_ISSUER=meldestelle-api
JWT_AUDIENCE=meldestelle-clients
JWT_REALM=meldestelle
API_KEY=meldestelle-api-key-for-development
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME=meldestelle
KC_DB_PASSWORD=meldestelle
KC_HOSTNAME=auth.meldestelle.local
# =============================================================================
# 7. SERVICE DISCOVERY (Consul)
# =============================================================================
CONSUL_HOST=consul
CONSUL_ENABLED=true
SERVICE_DISCOVERY_ENABLED=true
SERVICE_DISCOVERY_REGISTER_SERVICES=true
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=10
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
# Grafana Configuration
GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=admin
GF_USERS_ALLOW_SIGN_UP=false
# Metrics Authentication
METRICS_AUTH_USERNAME=admin
METRICS_AUTH_PASSWORD=metrics
# Monitoring hostnames
GRAFANA_HOSTNAME=grafana.meldestelle.local
PROMETHEUS_HOSTNAME=prometheus.meldestelle.local
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=true
RATELIMIT_GLOBAL_LIMIT=100
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=dev
GATEWAY_ADMIN_USER=admin
GATEWAY_ADMIN_PASSWORD=admin
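Review bot: The template declares itself the single source of truth and its header warns never to commit production secrets and to change `JWT_SECRET`, yet every secret in it is a working development value — `JWT_SECRET=meldestelle-jwt-secret-key-for-development-change-in-production`, `KEYCLOAK_ADMIN_PASSWORD=admin`, `GF_SECURITY_ADMIN_PASSWORD=admin` — identical to `.env.dev`. A new environment file copied from it therefore boots with public credentials if any single value is overlooked; leaving the secret-bearing keys empty or set to `CHANGE_ME_*` in the template, with the dev values living only in `.env.dev`, would make that failure visible. As a smaller point, the section headings change language mid-file (`# 6. KEYCLOAK CONFIGURATION` and `# 9. MONITORING` onward are English, sections 1–5 and 7 German), which is worth settling in a tidy-up commit like this one.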
+163
@@ -0,0 +1,163 @@
# =============================================================================
# Meldestelle - Test Environment Configuration
# =============================================================================
# Test-specific environment variables (optimized for automated testing)
# =============================================================================
# =============================================================================
# 1. APPLICATION CONFIGURATION
# =============================================================================
APP_NAME=Meldestelle
APP_VERSION=1.0.0
APP_DESCRIPTION='Pferdesport Meldestelle System'
APP_ENVIRONMENT=test
APP_HOST=localhost
# Test settings (fast and minimal for CI/CD)
DEBUG_MODE=true
DEV_HOT_RELOAD=false
# =============================================================================
# 2. PORT MANAGEMENT
# =============================================================================
# Gateway Ports (use different ports to avoid conflicts during parallel testing)
GATEWAY_PORT=9081
GATEWAY_ADMIN_PORT=9080
# Service Ports
PING_SERVICE_PORT=9082
MEMBERS_SERVICE_PORT=9083
HORSES_SERVICE_PORT=9084
EVENTS_SERVICE_PORT=9085
MASTERDATA_SERVICE_PORT=9086
AUTH_SERVICE_PORT=9087
# Infrastructure Ports
CONSUL_PORT=9500
REDIS_PORT=9379
KAFKA_PORT=9092
PROMETHEUS_PORT=9090
GRAFANA_PORT=9000
# =============================================================================
# 3. DATABASE CONFIGURATION
# =============================================================================
DB_HOST=localhost
DB_PORT=5433
DB_NAME=meldestelle_test
DB_USER=meldestelle_test
DB_PASSWORD=test_password
DB_MAX_POOL_SIZE=5
DB_MIN_POOL_SIZE=1
DB_AUTO_MIGRATE=true
POSTGRES_USER=meldestelle_test
POSTGRES_PASSWORD=test_password
POSTGRES_DB=meldestelle_test
POSTGRES_EXTERNAL_PORT=5433
# =============================================================================
# 4. REDIS CONFIGURATION
# =============================================================================
REDIS_EVENT_STORE_HOST=localhost
REDIS_EVENT_STORE_PORT=9379
REDIS_EVENT_STORE_PASSWORD=
REDIS_EVENT_STORE_DATABASE=0
REDIS_EVENT_STORE_CONNECTION_TIMEOUT=1000
REDIS_EVENT_STORE_READ_TIMEOUT=1000
REDIS_EVENT_STORE_USE_POOLING=true
REDIS_EVENT_STORE_MAX_POOL_SIZE=3
REDIS_EVENT_STORE_MIN_POOL_SIZE=1
REDIS_CACHE_HOST=localhost
REDIS_CACHE_PORT=9379
REDIS_CACHE_PASSWORD=
REDIS_CACHE_DATABASE=1
REDIS_EXTERNAL_PORT=9379
REDIS_PASSWORD=
# =============================================================================
# 5. SECURITY CONFIGURATION
# =============================================================================
JWT_SECRET=test-jwt-secret-key-for-testing-only
JWT_ISSUER=meldestelle-api-test
JWT_AUDIENCE=meldestelle-clients-test
JWT_REALM=meldestelle-test
API_KEY=test-api-key
# =============================================================================
# 6. KEYCLOAK CONFIGURATION
# =============================================================================
KEYCLOAK_ADMIN=test_admin
KEYCLOAK_ADMIN_PASSWORD=test_password
KC_DB=postgres
KC_DB_URL=jdbc:postgresql://localhost:5433/keycloak_test
KC_DB_USERNAME=keycloak_test
KC_DB_PASSWORD=test_password
KC_HOSTNAME=localhost
# =============================================================================
# 7. SERVICE DISCOVERY
# =============================================================================
CONSUL_HOST=localhost
CONSUL_ENABLED=false
SERVICE_DISCOVERY_ENABLED=false
SERVICE_DISCOVERY_REGISTER_SERVICES=false
SERVICE_DISCOVERY_HEALTH_CHECK_PATH=/health
SERVICE_DISCOVERY_HEALTH_CHECK_INTERVAL=5
# =============================================================================
# 8. MESSAGING (Kafka)
# =============================================================================
ZOOKEEPER_CLIENT_PORT=2182
KAFKA_BROKER_ID=1
KAFKA_ZOOKEEPER_CONNECT=localhost:2182
KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=PLAINTEXT:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# =============================================================================
# 9. MONITORING
# =============================================================================
GF_SECURITY_ADMIN_USER=test_admin
GF_SECURITY_ADMIN_PASSWORD=test_password
GF_USERS_ALLOW_SIGN_UP=false
METRICS_AUTH_USERNAME=test_metrics
METRICS_AUTH_PASSWORD=test_password
GRAFANA_HOSTNAME=localhost
PROMETHEUS_HOSTNAME=localhost
# =============================================================================
# 10. LOGGING CONFIGURATION
# =============================================================================
LOGGING_LEVEL=DEBUG
LOGGING_REQUESTS=true
LOGGING_RESPONSES=true
LOGGING_REQUEST_HEADERS=true
LOGGING_REQUEST_BODY=true
LOGGING_RESPONSE_HEADERS=true
LOGGING_RESPONSE_BODY=true
LOGGING_STRUCTURED=true
LOGGING_CORRELATION_ID=true
LOGGING_REQUEST_ID_HEADER=X-Request-ID
# =============================================================================
# 11. CORS AND RATE LIMITING
# =============================================================================
SERVER_CORS_ENABLED=true
SERVER_CORS_ALLOWED_ORIGINS=*
RATELIMIT_ENABLED=false
RATELIMIT_GLOBAL_LIMIT=10000
RATELIMIT_GLOBAL_PERIOD_MINUTES=1
RATELIMIT_INCLUDE_HEADERS=true
# =============================================================================
# 12. SPRING PROFILES AND GATEWAY
# =============================================================================
SPRING_PROFILES_ACTIVE=test
GATEWAY_ADMIN_USER=test_admin
GATEWAY_ADMIN_PASSWORD=test_password
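Review bot: The test ports are moved to a 9xxx range to honour the comment `# Gateway Ports (use different ports to avoid conflicts during parallel testing)`, but `KAFKA_PORT=9092` and `PROMETHEUS_PORT=9090` keep the values used by `.env.dev`, so a test run next to a development stack still collides on those two; `KAFKA_ZOOKEEPER_CONNECT=localhost:2182` shows ZooKeeper was shifted while `KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092` was not. If Kafka and Prometheus are meant to be shared with the development stack, the comment should say so; otherwise assign free values and change `KAFKA_ADVERTISED_LISTENERS` to match the new `KAFKA_PORT`.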
+185
@@ -0,0 +1,185 @@
# Meldestelle - Zentrale Konfigurationsverwaltung
## Übersicht
Dieses Verzeichnis enthält die **SINGLE SOURCE OF TRUTH** für alle Umgebungsvariablen und Konfigurationsdateien im Meldestelle-Projekt. Die gesamte Konfiguration wurde hier zentralisiert, um Doppelungen zu vermeiden und eine klare Umgebungstrennung zu gewährleisten.
## Struktur
```
config/
├── .env.template # Vorlage mit allen verfügbaren Variablen
├── .env.dev # Entwicklungsumgebung
├── .env.prod # Produktionsumgebung
├── .env.staging # Staging-Umgebung
├── .env.test # Testumgebung
├── application.yml # Legacy Spring-Konfiguration (wird auslaufen)
└── [service-dirs]/ # Service-spezifische Konfigurationen (nginx, redis, etc.)
```
## Umgebungsdateien
### `.env.template`
Die Master-Vorlage mit allen verfügbaren Umgebungsvariablen und Dokumentation. Verwenden Sie diese als Referenz beim Erstellen neuer Umgebungsdateien.
### `.env.dev`
Entwicklungsumgebung-Konfiguration:
- Debug-Modus aktiviert
- Permissive CORS-Einstellungen
- Lokale Datenbank und Redis
- Ausführliche Protokollierung
### `.env.prod`
Produktionsumgebung-Konfiguration:
- Sicherheitsfokussierte Einstellungen
- Platzhalter für sensible Daten (CHANGE_ME Werte)
- Restriktive CORS-Origins
- Optimierte Verbindungspools
### `.env.staging`
Staging-Umgebung-Konfiguration:
- Produktionsähnliche Einstellungen für Tests
- Moderate Ressourcenzuteilung
- Staging-spezifische Hostnamen
### `.env.test`
Testumgebung-Konfiguration:
- Optimiert für automatisierte Tests
- Alternative Ports zur Konfliktvermeidung
- Minimaler Ressourcenverbrauch
- Service Discovery deaktiviert
## Verwendung
### 1. Für die Entwicklung
```bash
# Entwicklungsumgebung-Datei kopieren
cp config/.env.dev .env
# Oder einen Symlink erstellen
ln -sf config/.env.dev .env
```
### 2. Für die Produktion
```bash
# Produktions-Vorlage kopieren und anpassen
cp config/.env.prod .env.prod
# Alle CHANGE_ME Werte mit sicheren Zugangsdaten bearbeiten
vim .env.prod
# Produktions-Datei verwenden
ln -sf .env.prod .env
```
### 3. Für Tests
```bash
# Testumgebung verwenden
ln -sf config/.env.test .env
```
## Struktur der Umgebungsvariablen
Die Konfiguration ist in 12 logische Abschnitte unterteilt:
1. **Anwendungskonfiguration** - Grundlegende App-Einstellungen
2. **Port-Verwaltung** - Alle Service-Ports an einem Ort
3. **Datenbank-Konfiguration** - PostgreSQL-Einstellungen
4. **Redis-Konfiguration** - Cache und Event Store
5. **Sicherheitskonfiguration** - JWT, API-Schlüssel
6. **Keycloak-Konfiguration** - Authentifizierungsserver
7. **Service Discovery** - Consul-Einstellungen
8. **Messaging** - Kafka-Konfiguration
9. **Überwachung** - Grafana, Prometheus
10. **Protokollierungskonfiguration** - Log-Level und Formate
11. **CORS und Rate Limiting** - Web-Sicherheit
12. **Spring Profile und Gateway** - Framework-Einstellungen
## Sicherheitsrichtlinien
### Entwicklung
- Standard-Passwörter für lokale Entwicklung verwenden
- Debug-Modus aktiviert lassen
- Permissive CORS-Einstellungen verwenden
### Produktion
- **NIEMALS** Produktions-`.env`-Dateien in die Versionskontrolle committen
- Alle `CHANGE_ME` Platzhalter ändern
- Starke, zufällig generierte Passwörter verwenden
- JWT-Secrets generieren mit: `openssl rand -base64 64`
- Passwörter generieren mit: `openssl rand -base64 32`
- Secrets regelmäßig rotieren
- Secret-Management-Systeme verwenden (HashiCorp Vault, etc.)
## Migration von der alten Struktur
Die alten Konfigurationsdateien wurden konsolidiert:
### Entfernte Dateien
- `/project-root/.env``config/.env.dev`
- `/project-root/.env.template``config/.env.template`
- `/project-root/.env.prod.example``config/.env.prod`
- `config/application*.properties` - Entfernt und durch .env-Dateien ersetzt
### Legacy-Dateien (werden auslaufen)
- `config/application.yml` - Wird durch .env-Dateien ersetzt
## Referenz der Umgebungsvariablen
### Wichtige Variablen nach Umgebung
| Variable | Dev | Staging | Prod | Test |
|----------|-----|---------|------|------|
| `DEBUG_MODE` | true | false | false | true |
| `LOGGING_LEVEL` | DEBUG | INFO | INFO | DEBUG |
| `CORS_ALLOWED_ORIGINS` | * | staging domains | prod domains | * |
| `DB_AUTO_MIGRATE` | true | true | false | true |
| `CONSUL_ENABLED` | true | true | true | false |
### Port-Zuteilung
| Service | Port |
|---------|------|
| Gateway | 8081 |
| Gateway Admin | 8080 |
| Ping Service | 8082 |
| Members Service | 8083 |
| Horses Service | 8084 |
| Events Service | 8085 |
| Masterdata Service | 8086 |
| Auth Service | 8087 |
**Testumgebung:** Alle Ports +1000 (z.B. Gateway: 9081)
## Best Practices
1. **Immer die Vorlage verwenden** als Ausgangspunkt für neue Umgebungen
2. **Benutzerdefinierte Variablen dokumentieren** in Kommentaren
3. **Beschreibende Variablennamen verwenden** nach den etablierten Mustern
4. **Verwandte Variablen gruppieren** in logischen Abschnitten
5. **Konfiguration validieren** vor der Bereitstellung
6. **Konfigurationsabweichungen überwachen** zwischen Umgebungen
## Fehlerbehebung
### Häufige Probleme
1. **Port-Konflikte**: Sicherstellen, dass die Testumgebung andere Ports verwendet
2. **Fehlende Variablen**: Gegen `.env.template` prüfen
3. **Zugriff verweigert**: Dateiberechtigungen für `.env`-Dateien überprüfen
4. **Datenbankverbindung fehlgeschlagen**: DB-Zugangsdaten und Hostname prüfen
### Validierungsskript
```bash
# TODO: Validierungsskript erstellen
./scripts/validate-config.sh config/.env.prod
```
## Zukünftige Verbesserungen
- [ ] Konfigurationsvalidierungsskripte
- [ ] Automatische Secret-Generierung
- [ ] Umgebungsspezifische docker-compose-Dateien
- [ ] Erkennung von Konfigurationsabweichungen
- [ ] Integration von Secret-Management
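--- a/PATH_NOT_SHOWN_dev_properties
+++ /dev/null
@@ -1,13 +0,0 @@
-# Entwicklungsumgebung spezifische Konfiguration
-# Server-Einstellungen
-server.port=8080
-# Datenbank-Einstellungen
-database.host=localhost
-database.port=5432
-# Logging-Einstellungen
-logging.level=DEBUG
-logging.requests=true
-logging.responses=true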
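--- a/PATH_NOT_SHOWN_prod_properties
+++ /dev/null
@@ -1,16 +0,0 @@
-# Produktionsumgebung spezifische Konfiguration
-# Server-Einstellungen
-server.port=8080
-server.workers=4
-server.cors.allowedOrigins=https://meldestelle.at,https://app.meldestelle.at
-# Datenbank-Einstellungen
-database.host=db
-database.port=5432
-database.maxPoolSize=20
-# Logging-Einstellungen
-logging.level=INFO
-logging.requests=true
-logging.responses=false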
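--- a/PATH_NOT_SHOWN_staging_properties
+++ /dev/null
@@ -1,16 +0,0 @@
-# Staging-Umgebung spezifische Konfiguration
-# Server-Einstellungen
-server.port=8080
-server.workers=2
-server.cors.allowedOrigins=https://staging.meldestelle.at
-# Datenbank-Einstellungen
-database.host=db
-database.port=5432
-database.name=meldestelle_staging_db
-# Logging-Einstellungen
-logging.level=INFO
-logging.requests=true
-logging.responses=false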
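--- a/PATH_NOT_SHOWN_test_properties
+++ /dev/null
@@ -1,14 +0,0 @@
-# Testumgebung spezifische Konfiguration
-# Server-Einstellungen
-server.port=8082
-# Datenbank-Einstellungen
-database.host=localhost
-database.port=5432
-database.name=meldestelle_test_db
-# Logging-Einstellungen
-logging.level=DEBUG
-logging.requests=true
-logging.responses=true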
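--- a/PATH_NOT_SHOWN_base_properties
+++ /dev/null
@@ -1,32 +0,0 @@
-# Allgemeine Anwendungseinstellungen
-app.name=Meldestelle
-app.version=1.0.0
-app.description=Pferdesport Meldestelle System
-# Server-Einstellungen
-server.port=8080
-server.host=0.0.0.0
-server.workers=4
-server.cors.enabled=true
-server.cors.allowedOrigins=*
-# Datenbank-Einstellungen
-database.host=localhost
-database.port=5432
-database.name=meldestelle_db
-database.username=meldestelle_user
-database.password=secure_password_change_me
-database.maxPoolSize=10
-database.autoMigrate=true
-# Sicherheits-Einstellungen
-security.jwt.secret=default-jwt-secret-key-please-change-in-production
-security.jwt.issuer=meldestelle-api
-security.jwt.audience=meldestelle-clients
-security.jwt.realm=meldestelle
-security.jwt.expirationInMinutes=1440
-# Logging-Einstellungen
-logging.level=INFO
-logging.requests=true
-logging.responses=false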
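--- a/config/ssl/README.md
+++ /dev/null
@@ -1,220 +0,0 @@
-# SSL/TLS Certificate Setup for Production
-This directory contains SSL/TLS certificates and keys for securing the Meldestelle application in production.
-## Directory Structure
-```
-config/ssl/
-├── postgres/ # PostgreSQL SSL certificates
-├── redis/ # Redis TLS certificates
-├── keycloak/ # Keycloak HTTPS certificates
-├── prometheus/ # Prometheus HTTPS certificates
-├── grafana/ # Grafana HTTPS certificates
-├── nginx/ # Nginx SSL certificates
-└── README.md # This file
-```
-## Certificate Requirements
-### 1. PostgreSQL SSL Certificates
-Place the following files in `config/ssl/postgres/`:
-- `server.crt` - Server certificate
-- `server.key` - Server private key
-- `ca.crt` - Certificate Authority certificate
-### 2. Redis TLS Certificates
-Place the following files in `config/ssl/redis/`:
-- `redis.crt` - Redis server certificate
-- `redis.key` - Redis server private key
-- `ca.crt` - Certificate Authority certificate
-- `redis.dh` - Diffie-Hellman parameters
-### 3. Keycloak HTTPS Certificates
-Place the following files in `config/ssl/keycloak/`:
-- `server.crt.pem` - Server certificate in PEM format
-- `server.key.pem` - Server private key in PEM format
-### 4. Prometheus HTTPS Certificates
-Place the following files in `config/ssl/prometheus/`:
-- `prometheus.crt` - Prometheus server certificate
-- `prometheus.key` - Prometheus server private key
-- `web.yml` - Prometheus web configuration file
-### 5. Grafana HTTPS Certificates
-Place the following files in `config/ssl/grafana/`:
-- `server.crt` - Grafana server certificate
-- `server.key` - Grafana server private key
-### 6. Nginx SSL Certificates
-Place the following files in `config/ssl/nginx/`:
-- `server.crt` - Main SSL certificate
-- `server.key` - Main SSL private key
-- `dhparam.pem` - Diffie-Hellman parameters
-## Generating Self-Signed Certificates (Development/Testing)
-⚠️ **Warning**: Only use self-signed certificates for development and testing. Use proper CA-signed certificates in production.
-### Generate CA Certificate
-```bash
-# Create CA private key
-openssl genrsa -out ca.key 4096
-# Create CA certificate
-openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
--subj "/C=AT/ST=Vienna/L=Vienna/O=Meldestelle/OU=IT/CN=Meldestelle-CA"
-```
-### Generate Server Certificates
-```bash
-# For each service, generate private key and certificate signing request
-openssl genrsa -out server.key 2048
-openssl req -new -key server.key -out server.csr \
--subj "/C=AT/ST=Vienna/L=Vienna/O=Meldestelle/OU=IT/CN=your-domain.com"
-# Sign the certificate with CA
-openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
--CAcreateserial -out server.crt
-# Clean up
-rm server.csr
-```
-### Generate Diffie-Hellman Parameters
-```bash
-openssl dhparam -out dhparam.pem 2048
-```
-## Production Certificate Setup
-### Option 1: Let's Encrypt (Recommended)
-Use Certbot to obtain free SSL certificates:
-```bash
-# Install certbot
-sudo apt-get install certbot
-# Obtain certificates
-sudo certbot certonly --standalone -d your-domain.com -d www.your-domain.com
-# Copy certificates to appropriate directories
-sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem config/ssl/nginx/server.crt
-sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem config/ssl/nginx/server.key
-```
-### Option 2: Commercial CA
-1. Generate Certificate Signing Requests (CSRs)
-2. Submit CSRs to your Certificate Authority
-3. Download signed certificates
-4. Place certificates in appropriate directories
-### Option 3: Internal CA
-If using an internal Certificate Authority:
-1. Generate CSRs for each service
-2. Sign certificates with your internal CA
-3. Distribute CA certificate to all clients
-## File Permissions
-Ensure proper file permissions for security:
-```bash
-# Set restrictive permissions on private keys
-chmod 600 config/ssl/*/server.key
-chmod 600 config/ssl/*/redis.key
-chmod 600 config/ssl/*/prometheus.key
-# Set readable permissions on certificates
-chmod 644 config/ssl/*/server.crt
-chmod 644 config/ssl/*/ca.crt
-# Set directory permissions
-chmod 755 config/ssl/*/
-```
-## Docker Volume Mounts
-The certificates are mounted as read-only volumes in the Docker containers:
-```yaml
-volumes:
-- ./config/ssl/nginx:/etc/ssl/nginx:ro
-- ./config/ssl/keycloak:/opt/keycloak/conf:ro
-# ... other mounts
-```
-## Certificate Renewal
-### Automated Renewal (Let's Encrypt)
-Set up a cron job for automatic renewal:
-```bash
-# Add to crontab
-0 12 * * * /usr/bin/certbot renew --quiet --post-hook "docker-compose -f docker-compose.prod.yml restart nginx"
-```
-### Manual Renewal
-1. Generate new certificates
-2. Replace old certificates in SSL directories
-3. Restart affected services:
-```bash
-docker-compose -f docker-compose.prod.yml restart nginx keycloak grafana prometheus
-```
-## Security Best Practices
-1. **Use Strong Encryption**: Use at least 2048-bit RSA keys or 256-bit ECDSA keys
-2. **Regular Rotation**: Rotate certificates regularly (annually or bi-annually)
-3. **Secure Storage**: Store private keys securely and limit access
-4. **Monitor Expiration**: Set up monitoring for certificate expiration
-5. **Use HSTS**: Enable HTTP Strict Transport Security
-6. **Perfect Forward Secrecy**: Use ECDHE cipher suites
-7. **Certificate Transparency**: Monitor CT logs for unauthorized certificates
-## Troubleshooting
-### Common Issues
-1. **Permission Denied**
-```bash
-# Fix file permissions
-sudo chown -R $USER:$USER config/ssl/
-chmod -R 755 config/ssl/
-chmod 600 config/ssl/*/server.key
-```
-2. **Certificate Verification Failed**
-```bash
-# Verify certificate
-openssl x509 -in config/ssl/nginx/server.crt -text -noout
-# Check certificate chain
-openssl verify -CAfile config/ssl/nginx/ca.crt config/ssl/nginx/server.crt
-```
-3. **TLS Handshake Errors**
-- Check certificate validity dates
-- Verify certificate matches hostname
-- Ensure proper cipher suite configuration
-### Testing SSL Configuration
-```bash
-# Test SSL certificate
-openssl s_client -connect your-domain.com:443 -servername your-domain.com
-# Test with specific protocol
-openssl s_client -connect your-domain.com:443 -tls1_2
-# Check certificate expiration
-openssl x509 -in config/ssl/nginx/server.crt -noout -dates
-```
-## Support
-For certificate-related issues:
-1. Check service logs: `docker-compose -f docker-compose.prod.yml logs [service-name]`
-2. Verify certificate files exist and have correct permissions
-3. Test SSL configuration with OpenSSL tools
-4. Consult service-specific SSL documentation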