mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor(infra): Restrukturierung Config-Ordner & Einführung von Docker-Profilen

Browse Source 
Umfangreiches Refactoring der Projektkonfiguration zur klaren Trennung von Build-, Runtime- und Applikations-Logik.

Änderungen im Detail:
- Struktur: Neuorganisation des `config/` Verzeichnisses in logische Bereiche:
  - `config/docker`: Reine Infrastruktur-Configs (Postgres, Redis, Nginx, Monitoring).
  - `config/quality`: Statische Code-Analyse (Detekt, Lint).
  - `config/app`: Gemeinsame Spring-Boot-Konfigurationen.
- Docker Compose:
  - Einführung von Profilen (`infra`, `backend`, `ops`, `gui`, `tools`) für gezieltes Starten von Teilbereichen.
  - Anpassung aller Volume-Pfade auf die neue Struktur.
- Spring Boot Config:
  - Zentralisierung gemeinsamer Einstellungen (Datasource, Redis, JPA) in `config/app/base-application.yml`.
  - Parametrisierung der Hosts für nahtlosen Wechsel zwischen Docker und Localhost.
  - Bereinigung der service-spezifischen `application.yaml` Dateien (z.B. Ping-Service).
- Cleanup: Entfernen redundanter "Ghost-Files" (`versions.toml`, `central.toml`, `config/.env`), um eine echte Single Source of Truth (SSoT) zu gewährleisten.
This commit is contained in:
Stefan Mogeritsch
2025-12-10 15:25:10 +01:00
parent 8221a7b915
commit f402fbaf19
45 changed files with 171 additions and 729 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/docker/nginx/desktop-app/Dockerfile
+109
View File
@@ -0,0 +1,109 @@
# ===================================================================
# Multi-Stage Dockerfile für Meldestelle Desktop-App (VNC)
# ===================================================================
# 1. Build Stage (Debian-basiert für Stabilität bei Desktop-Builds)
FROM gradle:8-jdk21 AS builder
WORKDIR /app
# Copy Configs
COPY build.gradle.kts settings.gradle.kts gradle.properties ./
COPY gradle/ gradle/
COPY gradlew ./
# Fix Permissions
RUN chmod +x gradlew
# Copy Sources (Struktur wie im Web-App Fix)
COPY platform/ platform/
COPY core/ core/
COPY backend/ backend/
COPY frontend/ frontend/
COPY docs/ docs/
# Falls du 'domains' oder andere Ordner hast, die in settings.gradle.kts stehen:
# COPY domains/ domains/
# Dependencies laden
RUN ./gradlew :frontend:shells:meldestelle-portal:dependencies --no-daemon
# Desktop-App Distribution erstellen
# Wir nutzen 'packageDistributionForCurrentOS' oder 'createDistributable'
RUN ./gradlew :frontend:shells:meldestelle-portal:createDistributable --no-daemon
# ===================================================================
# Stage 2: Runtime Stage - Ubuntu mit VNC + noVNC
# ===================================================================
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive
# Installiere System-Dependencies
RUN apt-get update && apt-get install -y \
openjdk-21-jdk \
xvfb \
x11vnc \
python3 \
python3-numpy \
xfce4 \
xfce4-goodies \
curl \
wget \
unzip \
supervisor \
net-tools \
git \
# WICHTIG: GUI Libraries für Java/Compose \
libgl1-mesa-glx \
libgl1-mesa-dri \
libgtk-3-0 \
libasound2 \
libxcursor1 \
libxi6 \
libxtst6 \
libxrandr2 \
&& apt-get remove -y xfce4-power-manager \
&& apt-get autoremove -y \
&& rm -rf /var/lib/apt/lists/*
# Manuelle Installation von noVNC und Websockify
# Wir klonen Websockify an den Ort, wo noVNC es erwartet
RUN mkdir -p /usr/share/novnc \
&& git clone --depth 1 https://github.com/novnc/noVNC.git /usr/share/novnc \
&& git clone --depth 1 https://github.com/novnc/websockify /usr/share/novnc/utils/websockify \
&& ln -s /usr/share/novnc/vnc.html /usr/share/novnc/index.html
WORKDIR /app
# Kopiere Build-Ergebnis
# HINWEIS: Der Pfad muss exakt stimmen. Compose Gradle Plugin Output ist oft verschachtelt.
# Wir kopieren den Inhalt nach /app/desktop-app
COPY --from=builder /app/frontend/shells/meldestelle-portal/build/compose/binaries/main/app/ /app/desktop-app/
# Scripts (Achte darauf, dass die Pfade im Host stimmen!)
COPY config/frontends/desktop-app/entrypoint.sh /entrypoint.sh
COPY config/frontends/desktop-app/health-check.sh /opt/health-check.sh
# Wir nutzen vorerst dein Entrypoint-Script, Supervisor Config ist optional wenn Script alles macht
# COPY config/frontends/desktop-app/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN chmod +x /entrypoint.sh /opt/health-check.sh
# User Setup
RUN useradd -m -s /bin/bash vncuser && \
mkdir -p /home/vncuser/.vnc && \
chown -R vncuser:vncuser /home/vncuser && \
chown -R vncuser:vncuser /app
EXPOSE 5901 6080
ENV DISPLAY=:99 \
VNC_PORT=5901 \
NOVNC_PORT=6080 \
API_BASE_URL="http://api-gateway:8081"
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD /opt/health-check.sh
USER vncuser
ENTRYPOINT ["/entrypoint.sh"]
config/docker/nginx/desktop-app/entrypoint.sh
+79
View File
@@ -0,0 +1,79 @@
#!/bin/bash
set -e
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"; }
log "Starting Meldestelle Desktop-App..."
export DISPLAY=${DISPLAY:-:99}
export VNC_PORT=${VNC_PORT:-5901}
export NOVNC_PORT=${NOVNC_PORT:-6080}
export VNC_PW=${VNC_PW:-meldestelle}
export API_BASE_URL=${API_BASE_URL:-http://api-gateway:8081}
# Grafik-Optimierungen für Docker (Software Rendering erzwingen)
export SKIKO_RENDER_API="SOFTWARE"
export LIBGL_ALWAYS_SOFTWARE=1
export MESA_GL_VERSION_OVERRIDE=3.3
# 0. VNC Passwort Setup
mkdir -p /home/vncuser/.vnc
x11vnc -storepasswd "$VNC_PW" /home/vncuser/.vnc/passwd
# 1. Start Xvfb
log "Starting Xvfb..."
rm -f /tmp/.X99-lock
Xvfb $DISPLAY -screen 0 1280x1024x24 -ac +extension GLX +render -noreset &
sleep 2
# 2. Start Window Manager
log "Starting XFCE4..."
startxfce4 &
sleep 2
# 3. Start VNC Server
log "Starting x11vnc on port $VNC_PORT..."
x11vnc -display $DISPLAY -forever -rfbauth /home/vncuser/.vnc/passwd -create -rfbport $VNC_PORT -shared -bg
# 4. Start noVNC (Fix für Websockify Pfad)
log "Starting noVNC on port $NOVNC_PORT..."
# Wir nutzen das mitgelieferte Proxy-Script, das ist robuster als websockify direkt aufzurufen
/usr/share/novnc/utils/novnc_proxy --vnc localhost:$VNC_PORT --listen $NOVNC_PORT &
NOVNC_PID=$!
# 5. Start Desktop App (Fix für Pfad-Probleme)
log "Searching for App binary..."
# Wir suchen rekursiv nach der Datei "Meldestelle" im Ordner "bin", die ausführbar ist
# Screenshot zeigte: /app/desktop-app/Meldestelle/bin/Meldestelle
APP_PATH=$(find /app/desktop-app -type f -path "*/bin/Meldestelle" | head -n 1)
if [ -z "$APP_PATH" ]; then
# Fallback: Suche irgendeine Datei im bin Ordner, die KEIN Shellscript/Bat ist und executable
APP_PATH=$(find /app/desktop-app -type f -path "*/bin/*" ! -name "*.sh" ! -name "*.bat" | head -n 1)
fi
if [ -f "$APP_PATH" ]; then
log "🚀 Launching App from: $APP_PATH"
chmod +x "$APP_PATH"
"$APP_PATH" &
APP_PID=$!
else
log "❌ CRITICAL ERROR: App binary not found!"
log "Files in /app/desktop-app:"
ls -R /app/desktop-app
fi
log "Ready! Access: http://localhost:6080/vnc.html"
# Cleanup bei Stop
cleanup() {
log "Stopping..."
if [ -n "$APP_PID" ]; then kill $APP_PID 2>/dev/null || true; fi
kill $NOVNC_PID 2>/dev/null || true
pkill x11vnc || true
exit 0
}
trap cleanup SIGTERM SIGINT
# Loggt Websockify Output in die Konsole
tail -f /dev/null
config/docker/nginx/desktop-app/health-check.sh
+63
View File
@@ -0,0 +1,63 @@
#!/bin/bash
# ===================================================================
# Health-Check-Script für Meldestelle Desktop-App (VNC)
# ===================================================================
set -e
# Environment-Variablen
VNC_PORT=${VNC_PORT:-5901}
NOVNC_PORT=${NOVNC_PORT:-6080}
DISPLAY=${DISPLAY:-:99}
# Logging-Funktion
log() {
echo "[HEALTH] $1"
}
# 1. Überprüfe X11 Display
if ! xdpyinfo -display $DISPLAY >/dev/null 2>&1; then
log "ERROR: X11 display $DISPLAY is not running"
exit 1
fi
log "✓ X11 display $DISPLAY is running"
# 2. Überprüfe VNC Server
if ! netstat -ln | grep -q ":$VNC_PORT "; then
log "ERROR: VNC server is not listening on port $VNC_PORT"
exit 1
fi
log "✓ VNC server is running on port $VNC_PORT"
# 3. Überprüfe noVNC Web Interface
if ! curl -f -s "http://localhost:$NOVNC_PORT/" > /dev/null 2>&1; then
log "ERROR: noVNC web interface is not responding on port $NOVNC_PORT"
exit 1
fi
log "✓ noVNC web interface is running on port $NOVNC_PORT"
# 4. Überprüfe ob Desktop-App läuft (optional, da sie crashen könnte)
if pgrep -f "client" >/dev/null 2>&1; then
log "✓ Desktop-App is running"
else
log "⚠ Desktop-App is not running (may have crashed or not started yet)"
# Nicht als Fehler behandeln, da die App crashen könnte
fi
# 5. Überprüfe Xvfb
if ! pgrep -f "Xvfb" >/dev/null 2>&1; then
log "ERROR: Xvfb is not running"
exit 1
fi
log "✓ Xvfb is running"
# 6. Überprüfe XFCE4
if ! pgrep -f "xfce4" >/dev/null 2>&1; then
log "WARNING: XFCE4 desktop might not be running"
# Nicht als kritischer Fehler behandeln
else
log "✓ XFCE4 desktop environment is running"
fi
log "All critical services are healthy"
exit 0
config/docker/nginx/desktop-app/supervisord.conf
+54
View File
@@ -0,0 +1,54 @@
[supervisord]
nodaemon=true
user=root
logfile=/var/log/supervisor/supervisord.log
pidfile=/var/run/supervisord.pid
[program:xvfb]
command=Xvfb :99 -screen 0 1280x1024x24 -ac +extension GLX +render -noreset
user=vncuser
autostart=true
autorestart=true
priority=100
stdout_logfile=/var/log/supervisor/xvfb.log
stderr_logfile=/var/log/supervisor/xvfb.log
[program:xfce4]
command=startxfce4
user=vncuser
environment=DISPLAY=":99"
autostart=true
autorestart=true
priority=200
stdout_logfile=/var/log/supervisor/xfce4.log
stderr_logfile=/var/log/supervisor/xfce4.log
[program:vnc]
command=x11vnc -display :99 -forever -usepw -create -rfbport 5901 -nopw -shared
user=vncuser
environment=DISPLAY=":99"
autostart=true
autorestart=true
priority=300
stdout_logfile=/var/log/supervisor/vnc.log
stderr_logfile=/var/log/supervisor/vnc.log
[program:novnc]
command=websockify --web=/usr/share/novnc/ 6080 localhost:5901
user=vncuser
autostart=true
autorestart=true
priority=400
stdout_logfile=/var/log/supervisor/novnc.log
stderr_logfile=/var/log/supervisor/novnc.log
[program:desktop-app]
command=/app/desktop-app/client/bin/client
user=vncuser
environment=DISPLAY=":99",API_BASE_URL="http://api-gateway:8081"
directory=/app/desktop-app
autostart=true
autorestart=false
priority=500
stdout_logfile=/var/log/supervisor/desktop-app.log
stderr_logfile=/var/log/supervisor/desktop-app.log
config/docker/nginx/nginx.prod.conf
+133
View File
@@ -0,0 +1,133 @@
# Nginx Production Configuration
# =============================================================================
# This configuration provides secure reverse proxy with SSL termination,
# security headers, and performance optimizations for production
# =============================================================================
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# Performance and Security Settings
worker_rlimit_nofile 65535;
events {
worker_connections 4096;
use epoll;
multi_accept on;
}
http {
# Basic Settings
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Performance Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# Buffer Settings
client_body_buffer_size 128k;
client_max_body_size 10m;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
output_buffers 1 32k;
postpone_output 1460;
# Timeout Settings
client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;
# Gzip Compression
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private must-revalidate auth;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/x-javascript
application/xml+rss
application/javascript
application/json
application/xml
application/rss+xml
application/atom+xml
image/svg+xml;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Rate Limiting
limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;
limit_req_zone $binary_remote_addr zone=api:10m rate=100r/m;
limit_req_zone $binary_remote_addr zone=general:10m rate=1000r/m;
# Logging Format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time';
access_log /var/log/nginx/access.log main;
# SSL Configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# Upstream Definitions
upstream keycloak {
server keycloak:8443;
keepalive 32;
}
upstream grafana {
server grafana:3000;
keepalive 32;
}
upstream prometheus {
server prometheus:9090;
keepalive 32;
}
# HTTP to HTTPS Redirect
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
# Health Check Endpoint
server {
listen 80;
server_name localhost;
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
# Include additional server configurations
include /etc/nginx/conf.d/*.conf;
}
config/docker/nginx/web-app/Dockerfile
+116
View File
@@ -0,0 +1,116 @@
# syntax=docker/dockerfile:1.8
# ===================================================================
# Multi-Stage Dockerfile for Meldestelle Web-App (Kotlin/JS)
# Version: 2.1.0 - Fix: Use Debian for Build (Glibc), Alpine for Run
# ===================================================================
# === GLOBAL ARGS ===
ARG GRADLE_VERSION
ARG JAVA_VERSION
ARG NODE_VERSION
ARG NGINX_IMAGE_TAG
ARG WEB_BUILD_PROFILE
ARG VERSION
ARG BUILD_DATE
# ===================================================================
# Stage 1: Build Stage (Debian-based for Node.js compatibility)
# ===================================================================
# WICHTIG: Wir nutzen hier NICHT Alpine, damit die Node-Binaries funktionieren!
FROM gradle:${GRADLE_VERSION}-jdk${JAVA_VERSION} AS builder
ARG WEB_BUILD_PROFILE
ARG VERSION
ARG BUILD_DATE
LABEL stage=builder
WORKDIR /workspace
# 1. Gradle Optimizations
# Hinweis: Wir lassen Node/Yarn Download Flags weg, da Gradle auf Debian
# die Standard-Binaries problemlos laden und ausführen kann.
ENV GRADLE_OPTS="-Dorg.gradle.caching=true \
-Dorg.gradle.daemon=false \
-Dorg.gradle.parallel=true \
-Dorg.gradle.workers.max=2 \
-Dorg.gradle.jvmargs=-Xmx2g \
-XX:+UseParallelGC \
-XX:MaxMetaspaceSize=512m"
ENV GRADLE_USER_HOME=/home/gradle/.gradle
# 2. Copy Build Configs
COPY gradlew gradlew.bat gradle.properties settings.gradle.kts ./
COPY gradle/ gradle/
COPY build.gradle.kts ./
RUN chmod +x gradlew
# 3. Copy Sources (Monorepo Structure)
COPY platform/ platform/
COPY core/ core/
COPY backend/ backend/
COPY frontend/ frontend/
# FIX: Docs Ordner ist notwendig für die Gradle-Konfigurationsphase
COPY docs/ docs/
# 4. Resolve Dependencies
# Wir lassen Gradle Node.js selbst herunterladen (funktioniert jetzt, da wir auf Debian sind)
RUN --mount=type=cache,target=/home/gradle/.gradle/caches \
--mount=type=cache,target=/home/gradle/.gradle/wrapper \
./gradlew :frontend:shells:meldestelle-portal:dependencies --no-daemon
# 5. Build Web App
RUN --mount=type=cache,target=/home/gradle/.gradle/caches \
--mount=type=cache,target=/home/gradle/.gradle/wrapper \
if [ "$WEB_BUILD_PROFILE" = "prod" ]; then \
echo "Building for PRODUCTION..."; \
./gradlew :frontend:shells:meldestelle-portal:jsBrowserDistribution -Pproduction=true --no-daemon; \
mkdir -p /app/dist && \
cp -r frontend/shells/meldestelle-portal/build/dist/js/productionExecutable/* /app/dist/; \
else \
echo "Building for DEVELOPMENT..."; \
./gradlew :frontend:shells:meldestelle-portal:jsBrowserDevelopmentExecutable --no-daemon; \
mkdir -p /app/dist && \
cp -r frontend/shells/meldestelle-portal/build/dist/js/developmentExecutable/* /app/dist/; \
fi
# ===================================================================
# Stage 2: Runtime Stage (Alpine Nginx)
# ===================================================================
FROM nginx:${NGINX_IMAGE_TAG}
ARG VERSION
ARG BUILD_DATE
ARG JAVA_VERSION
# Metadata
LABEL service="web-app" \
version="${VERSION}" \
maintainer="Meldestelle Development Team" \
build.date="${BUILD_DATE}" \
org.opencontainers.image.title="Meldestelle Web-App"
# Tools & User Setup
RUN apk add --no-cache curl && \
rm /etc/nginx/conf.d/default.conf && \
mkdir -p /usr/share/nginx/html/downloads
# Copy Artifacts
COPY config/frontends/web-app/nginx.conf /etc/nginx/nginx.conf
COPY --from=builder /app/dist/ /usr/share/nginx/html/
COPY config/frontends/web-app/downloads/ /usr/share/nginx/html/downloads/
# Permissions
RUN chown -R nginx:nginx /usr/share/nginx/html && \
chmod -R 755 /usr/share/nginx/html && \
chown -R nginx:nginx /var/cache/nginx /var/log/nginx /etc/nginx/conf.d && \
touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid
USER nginx
EXPOSE 4000
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD curl -f http://localhost:4000/health || exit 1
CMD ["nginx", "-g", "daemon off;"]
config/docker/nginx/web-app/downloads/index.html
+30
View File
@@ -0,0 +1,30 @@
<!doctype html>
<html lang="de">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Meldestelle Desktop Downloads (Platzhalter)</title>
<style>
body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, Cantarell, 'Helvetica Neue', Arial, 'Noto Sans', 'Liberation Sans', sans-serif; margin: 2rem; }
h1 { margin-bottom: .25rem; }
.muted { color: #666; }
ul { line-height: 1.8; }
.card { border: 1px solid #e5e7eb; border-radius: 8px; padding: 1rem 1.25rem; max-width: 720px; }
</style>
</head>
<body>
<h1>Desktop Downloads</h1>
<p class="muted">Platzhalter-Verzeichnis. Hier können zukünftig Installer/Archive der Desktop-App bereitgestellt werden.</p>
<div class="card">
<p>Lege deine Dateien in dieses Verzeichnis im Repository:</p>
<pre><code>dockerfiles/clients/web-app/downloads/</code></pre>
<p>Oder mounte in Docker Compose ein Host-Verzeichnis auf <code>/usr/share/nginx/html/downloads</code>.</p>
<p>Beispiele (geplant):</p>
<ul>
<li>Meldestelle-Setup-1.0.0.msi (Windows)</li>
<li>Meldestelle-1.0.0.dmg (macOS)</li>
<li>Meldestelle-1.0.0.deb (Linux)</li>
</ul>
</div>
</body>
</html>
config/docker/nginx/web-app/nginx.conf
+101
View File
@@ -0,0 +1,101 @@
# ===================================================================
# Nginx-Konfiguration für Meldestelle Web-App
# Static Files + API Proxy zu Gateway
# ===================================================================
# Worker-Prozesse (konfigurierbar über NGINX_WORKER_PROCESSES)
worker_processes auto;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Performance Optimizations
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Gzip Kompression für bessere Performance
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/javascript
application/xml+rss
application/json
application/wasm;
# Upstream für API Gateway
upstream api-gateway {
server api-gateway:8081;
}
# Server-Block für Web-App
server {
listen 4000;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
# Serve static files (Kotlin/JS compiled files)
location / {
try_files $uri $uri/ /index.html;
# Cache-Headers für statische Assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# WASM Files mit korrektem MIME-Type
location ~* \.wasm$ {
add_header Content-Type application/wasm;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
# Proxy API calls zu Gateway
location /api/ {
proxy_pass http://api-gateway;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS Headers für API-Calls
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Handle preflight requests
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Health-Check Endpoint
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
}