- Simplified and refined the `Caddyfile` configuration for improved readability.
- Added screenshots to `docs/ScreenShots` documenting proxy settings and production logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Moved outdated screenshots to the `archive` directory for better organization.
- Refined Caddyfile formatting and improved routing logic, including API proxy and SPA fallback behavior.
- Added new screenshots for Pangolin web app settings.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Refined SPA fallback configuration in `Caddyfile` using `try_files` for improved stability.
- Added production logs screenshot (`prod-docker-logs-web-app_2026-03-12_17-10.png`) to document application state.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Removed internal-only HTTPS (`tls internal`) configuration from the `Caddyfile`.
- Uploaded new screenshots to `docs/ScreenShots` for application settings and production error documentation.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Enabled `tls internal` in `Caddyfile` for secure communication behind the proxy.
- Added new screenshots to `docs/ScreenShots` for deployment, application settings, and error diagnosis.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Uploaded detailed production browser console logs from 2026-03-12 for debugging login errors.
- Captured HTTP/2 protocol error, mixed-content issues, and `TypeError: Failed to fetch` from `web-app.js`.
- Documented issues with Keycloak token retrieval over insecure HTTP.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Uploaded browser console logs and related error screenshots to document debugging efforts for Ping Service issues.
- Captured CORS-related errors, database initialization logs, and WebGL warnings for local environment analysis.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Added `mo-code.at` zone file for informational and archival purposes.
- Uploaded related screenshots for Pangolin architecture and server overview.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Added details to the 2026-03-10 session log about the DOCKER_REGISTRY root cause and resolution.
- Updated `.env` to correct the DOCKER_REGISTRY path (`/meldestelle` segment added) for proper Docker image resolution.
- Included related screenshots for troubleshooting and fix verification.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow.
- Strengthened admin credentials in realm configuration to meet password policy requirements.
- Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic:
- Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image.
- Switched health endpoint from `/ready` to `/live` for single-node use.
- Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup.
- Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Deleted unused `.github` workflows and configurations, including obsolete CI/CD pipelines and PR templates, which were no longer executed after the migration to Gitea. Migrated the `PR Guard` workflow for hardcoded version checks to `.gitea/workflows/pr-guard.yaml`. Verified functional workflows in Gitea (e.g., Docker publish). Documented changes and rationale in session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` and session logs to reflect completion of the Ping Service tracer bullet. Verified the end-to-end stack, including frontend, backend, and Gateway integration. Fixed query parameter mismatch in `PingApiKoinClient.syncPings()` (`lastSyncTimestamp` → `since`) for proper Delta-Sync functionality. Marked related roadmap tasks as completed.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` to reflect completed Redis-to-Valkey migration and Keycloak production configuration. Adjusted property paths in `base-application.yaml` and session logs with corrected environment variable names. Verified end-to-end Docker stability and roadmap alignment.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Gateway CircuitBreaker tasks as completed and verified in archived roadmaps and session logs. Confirmed fixes for `ClassNotFoundException` via Spring Cloud 2025.0.1 and proper configuration of Resilience4j with fallback and metrics integration.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Completed OIDC Authorization Code Flow with PKCE (S256) for JS and JVM platforms.
- Added `launchOidcFlow`, `consumePendingOidcCallback`, and `getOidcRedirectUri` with platform-specific implementations.
- Integrated SHA-256 and Base64URL helpers for PKCE.
- Updated `LoginViewModel` with OIDC logic (key handling, token exchange, state validation).
- Enhanced `LoginScreen` with an OIDC login button and loading spinner.
- Verified implementation with system hardening roadmap tasks.
Includes browser redirects for JS, localhost HTTP callback for JVM, and built-in Keycloak URL construction.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Zipkin integration tasks as completed and verified in archived roadmaps. Documented fixes for gateway propagation type (`w3c` → `b3`) and Zipkin endpoint configuration. Removed redundant dependencies in `build.gradle.kts` and updated related session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Micrometer 1.16.1 upgrade task as completed in archived roadmaps and session logs. Verified compatibility for Java 25 and updated notes to reflect no changes required in `libs.versions.toml`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Documented the completed Keycloak hardening steps, including PKCE S256 support, CORS security improvements, strengthened password policy, and logout redirect URI configurations. Verified and updated the `meldestelle-realm.json` and roadmap to reflect these changes.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Added progress updates for completed roadmap tasks, including dependency management (Spring Cloud, SQLDelight, core-utils refactoring, Redis-to-Valkey migration). Added verification notes with dates, ensuring alignment with current implementation status and next steps.
Added detailed hardware specifications for the Minisforum MS-R1 (Zora) and a complete tech stack overview for the Meldestelle project. Included session logs summarizing research findings, AI relevance, and next steps for self-hosted AI model configurations. Consolidated related reference materials for streamlined documentation.
Added a session log confirming the resolution of pipeline issues in iteration v6, including successful sequential builds and the use of direct `config.json` for Docker credentials. Detailed the root causes (registry proxy timeouts and RAM-OOM) and the implemented fixes, ensuring stability and reliable internal registry access.
Added a session log detailing the resolution of RAM-OOM issues and daemon interaction complexities by writing credentials directly to `config.json` and limiting jobs to sequential execution. Updated `.gitea/workflows/docker-publish.yaml` to reflect the simplified and rootless BuildKit configuration for internal HTTP registry access.
Added a session log detailing the resolution of HTTPS to HTTP conflicts during internal registry access by configuring the Docker Daemon with `insecure-registries` in `daemon.json` and restarting the service. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new approach, ensuring reliable internal pushes bypassing Pangolin without timeouts.
Added a session log detailing the replacement of `iptables` DNAT with a rootless `buildkitd` mirror for internal Gitea registry access, eliminating the need for sudo, additional packages, or kernel-level configurations. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new, purely configurational solution.
Added a detailed session log explaining the replacement of `socat` with `iptables` DNAT for internal Gitea registry access in the pipeline. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new approach, eliminating the need for additional packages on minimal runners.
Added a detailed session log explaining the root cause and resolution for pipeline failures due to "connection refused" on Port 443. Updated `.gitea/workflows/docker-publish.yaml` to configure BuildKit for HTTP and introduced a `socat` TCP proxy for internal registry access.
Added a detailed session log documenting the root cause and resolution of 502 errors during Docker image pushes. Updated `.gitea/workflows/docker-publish.yaml` to bypass Pangolin for internal registry access and disable attestation manifests to prevent additional token requests.
Translated all remaining English architectural documents into German, including ADRs, guides, release notes, and reference materials. Standardized formatting across translated files, updated section headings, and localized inline comments within code examples for consistency.
Revised and translated the guide for enabling Gitea Actions cache to streamline CI/CD workflows. Added localized examples, clarified tool and action caching configurations, and linked relevant resources for improved usability. Removed redundant sections and updated structure for better readability.
Revised multiple documents to align with the migration from Incus to Proxmox VE 8.4.10. Updated hypervisor, IP ranges, subnet details, and NAT configurations across all relevant files. Marked Incus sections as historical for clarity. Added AI-Stack setup guide for Proxmox LXC.
Streamlined Keycloak configurations with defaults for development and production in `.env`. Added health checks and improved environment variable documentation with comments to differentiate local and server deployments. Ensured compatibility with pre-built registry images.
Added a Prometheus scrape job for Keycloak metrics. Updated Alertmanager to use Mailpit for local testing. Completed documentation consolidation and marked cleanup-related tasks as done in the master roadmap.
Introduced a detailed guide on configuring automated backups for the Zora server, covering scheduling, manual execution, and restoration processes. Added `backup.sh` script to streamline database and configuration backups with retention and rotation.
Introduced a comprehensive guide on setting up Git-based deployment for the "Zora" server, including environment setup, repository initialization, and deployment workflow. Added `deploy.sh` script to streamline updates and restarts.
Moved outdated files to the `_archive` folder and reorganized infrastructure-related documentation into the `07_Infrastructure` directory. Improved clarity and ensured logical grouping of files.
Archived `Roadmap_2026_Q1.md` and replaced it with `MASTER_ROADMAP_2026_Q1.md` and `MASTER_ROADMAP.md`. Consolidated roadmap structure ensuring clearer organization and updated references for improved accessibility.
Updated `README.md` with new links for the Zora system architecture and master roadmap. Renamed and moved Proxmox release document under the infrastructure references. Added a `.keep` file to ensure directory structure persistence.
Introduced `Zora_System_Architektur.md` outlining the ARM64-based system design for "Zora." Covers Gitea setup, CI/CD workflows, deployment methods, service configurations, and developer guidelines.
Introduced `Pangolin-vs-Cloudflare-Tunnel.md` to compare features between Pangolin and Cloudflare Tunnel. Included step-by-step deployment instructions for Hetzner VPS and MS-R1, highlighting privacy, performance, and configuration benefits.
Aligned environment variable naming across backend and infrastructure files for improved consistency (e.g., `SPRING_CLOUD_CONSUL` and `SPRING_SECURITY_OAUTH2_RESOURCESERVER`). Introduced `PING_SERVICE_URL` to support dynamic Ping-Service routing. Updated Docker Compose health checks, profiles, and memory settings for scalability and stability.
Switched container images in `dc-infra.yaml` to a custom Docker registry for better control and consistency across deployments. Added Keycloak with enhanced configurations and updated several container restart policies, memory allocations, and healthcheck settings for improved performance and compatibility.
Introduced `Konfig-Matrix_Dev-ProZora.md` to document key configuration variables for development and production (Zora) environments, including database settings, secrets, and environment-specific usage details.
Added two new documents, `Zora_Infrastructure&Deployment_02-2026.md` and `Temp.md`, detailing the strategic roadmap for Zora's infrastructure setup and deployment phases, alongside a "Hello-World" test project guide to validate CI/CD pipelines and ARM64 compatibility.
