- **Caddyfile:** Replace `Access-Control-Allow-Origin` with `*`, remove `Access-Control-Allow-Credentials`, add `Access-Control-Expose-Headers`.
- **GlobalSecurityConfig:** Relax `allowedOrigins`, `allowedOriginPatterns` and `exposedHeaders` to `*`, set `allowCredentials` to `false`.
- **MailServiceApplication:** Adjust the CORS mapping via `allowedOrigins` and `allowCredentials`.
- **UI:** Update the version marker to `v2026-04-23.26 - NUCLEAR CORS v2`.
- **Caddyfile:** Relaxed `Access-Control-Allow-Headers` to `*`, adjusted the version marker.
- **UI:** Updated the version marker to `v2026-04-23.25 - CADDY CATCH-ALL CORS`.
- **Docs:** Added the analysis and solution for version 25.
- **Caddyfile:** Optimized OPTIONS handling: added specific headers (`X-Requested-With`), removed `*`, and introduced an empty response (`respond "" 204`).
- **UI:** Updated the version marker to `v2026-04-23.24 - CADDY CORS FINAL BOSS`.
- **Docs:** Extended the analysis with the solution and status for version 24.
- **Caddyfile:** Introduced separate handling for OPTIONS requests with specific headers, removed `defer`.
- **UI:** Updated the version marker to `v2026-04-23.23 - CADDY CORS OPTIONS FIX`.
- **Docs:** Added the analysis and solution for version 23.
- **Caddyfile:** Added the `defer` flag for correct processing of CORS headers.
- **UI:** Updated the version marker to `v2026-04-23.22 - CADDY DEFER CORS FIX`.
- **Docs:** Added the analysis and solution for version 22.
- **Caddyfile:** Moved CORS handling into the reverse proxy, including support for preflight requests and header optimizations.
- **UI:** Updated the version marker to `v2026-04-23.21 - CADDY CORS PROXY FIX`.
- **Docs:** Added the problem and solution history for version 21.
- **Dockerfile:** Add `BUILD_DATE` as an argument to invalidate the layer cache.
- **CI:** Update build args with `BUILD_DATE` from the commit timestamp.
- **Dockerfile:** Adjust the COPY path for web assets to the new CI workflow.
- **CI:** Add a step to stage web assets before the Docker build.
- **Docker Fixes:** Resolved failed builds for Gateway and Ping services by switching to `eclipse-temurin:21-jdk-alpine`, correcting Gradle configurations, and fixing cache mount paths.
- **ZNS-Import Consul Registration:** Enabled Consul service discovery by updating `application.yaml` and `build.gradle.kts`.
- **pgAdmin Provisioning:** Preconfigured the database server in `servers.json` and updated `dc-ops.yaml` for seamless setup.
- **Postman Documentation:** Added a detailed Postman test guide covering environment setup, endpoint groups, and recommended test sequences.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Added platform detection logic `currentPlatform()` in `PlatformType.js.kt`.
- Introduced platform-based behavior for LandingScreen, Dashboard, and Login flow.
- Replaced Row with FlowRow in PingScreen to improve button layout.
- Updated Meldestelle Dashboard with platform-specific headers and authentication checks.
- Adjusted AppHeader to accept `isAuthenticated` and `username` parameters.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Updated `keycloak/meldestelle-realm.json` to replace dynamic secrets with static values for local testing.
- Incremented service worker cache version to `v4` and added bypass rules for API requests and app bundles to prevent outdated data.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Added new comments and examples in `.env.example` for clarity and proper configuration.
- Improved readability and structure of `Caddyfile` with better indentation, comments, and routing logic.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Improved readability and structure of `Caddyfile` by adjusting indentation and comments.
- Added production log screenshot (`prod-docker-log-web-app_2026-03-13_12-57.png`) for documentation.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Simplified and refined the `Caddyfile` configuration for improved readability.
- Added screenshots to `docs/ScreenShots` documenting proxy settings and production logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Moved outdated screenshots to the `archive` directory for better organization.
- Refined Caddyfile formatting and improved routing logic, including API proxy and SPA fallback behavior.
- Added new screenshots for Pangolin web app settings.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Refined SPA fallback configuration in `Caddyfile` using `try_files` for improved stability.
- Added production logs screenshot (`prod-docker-logs-web-app_2026-03-12_17-10.png`) to document application state.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Removed internal-only HTTPS (`tls internal`) configuration from the `Caddyfile`.
- Uploaded new screenshots to `docs/ScreenShots` for application settings and production error documentation.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Enabled `tls internal` in `Caddyfile` for secure communication behind the proxy.
- Added new screenshots to `docs/ScreenShots` for deployment, application settings, and error diagnosis.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Uploaded browser console logs and related error screenshots to document debugging efforts for Ping Service issues.
- Captured CORS-related errors, database initialization logs, and WebGL warnings for local environment analysis.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow.
- Strengthened admin credentials in realm configuration to meet password policy requirements.
- Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic:
  - Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image.
  - Switched health endpoint from `/ready` to `/live` for single-node use.
  - Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup.
- Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` to reflect completed Redis-to-Valkey migration and Keycloak production configuration. Adjusted property paths in `base-application.yaml` and session logs with corrected environment variable names. Verified end-to-end Docker stability and roadmap alignment.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Documented the completed Keycloak hardening steps, including PKCE S256 support, CORS security improvements, strengthened password policy, and logout redirect URI configurations. Verified and updated the `meldestelle-realm.json` and roadmap to reflect these changes.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Streamlined Keycloak configurations with defaults for development and production in `.env`. Added health checks and improved environment variable documentation with comments to differentiate local and server deployments. Ensured compatibility with pre-built registry images.
Added a Prometheus scrape job for Keycloak metrics. Updated Alertmanager to use Mailpit for local testing. Completed documentation consolidation and marked cleanup-related tasks as done in the master roadmap.
Introduced a detailed guide on configuring automated backups for the Zora server, covering scheduling, manual execution, and restoration processes. Added `backup.sh` script to streamline database and configuration backups with retention and rotation.
Introduced a comprehensive guide on setting up Git-based deployment for the "Zora" server, including environment setup, repository initialization, and deployment workflow. Added `deploy.sh` script to streamline updates and restarts.
Removed `# syntax=docker/dockerfile:1.8` from various Dockerfiles as it is no longer needed. Updated `.gitea/workflows/docker-publish.yaml` to enhance ARM64 build reliability with host driver enforcement and commented out unused caching configurations for clarity.
Replaced Redis with Valkey as the caching backend across infrastructure and application modules. Updated configurations, templates, and health checks to reflect Valkey-specific parameters. Improved compatibility with enhanced configurability, including max memory and memory eviction policy settings.
Updated `dc-infra.yaml` to enable automatic restart (`unless-stopped`), introduce dynamic memory allocations via environment variables, and adjust healthcheck intervals for reduced load. Enhanced `postgresql.conf` with performance tuning comments, schema search path inclusion for Keycloak and app users, and SSL adjustments for internal communication.