Compare commits

...

2 Commits

Author SHA1 Message Date
6e7e22e588 config: enhance .env.example and refine Caddyfile formatting
All checks were successful
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 8m44s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 7m27s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 1m49s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m56s
- Added new comments and examples in `.env.example` for clarity and proper configuration.
- Improved readability and structure of `Caddyfile` with better indentation, comments, and routing logic.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
2026-03-14 09:44:03 +01:00
08e0edba4a config: update .env.example with enhanced structure and secure defaults
- Improved organization with clear section headers for readability.
- Replaced placeholder values with clearer examples and added secure defaults.
- Introduced new environment variables for advanced configurations (e.g., `JVM_OPTS_ARM64`, `ZIPKIN_ENDPOINT`, `POSTGRES_SHARED_BUFFERS`).

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
2026-03-14 09:34:51 +01:00
3 changed files with 55 additions and 39 deletions

View File

@ -17,22 +17,31 @@ PROJECT_NAME=meldestelle
BACKUP_DIR=/home/<USER>/backups/meldestelle BACKUP_DIR=/home/<USER>/backups/meldestelle
BACKUP_RETENTION_DAYS=7 BACKUP_RETENTION_DAYS=7
# Docker build versions (optional overrides) # --- DOCKER BUILD & REGISTRY ---
DOCKER_REGISTRY=git.mo-code.at/mo-code
DOCKER_TAG=latest
DOCKER_VERSION=1.0.0-SNAPSHOT DOCKER_VERSION=1.0.0-SNAPSHOT
DOCKER_BUILD_DATE=2026-02-02T15:00:00Z DOCKER_BUILD_DATE=2026-02-02T15:00:00Z
DOCKER_GRADLE_VERSION=9.3.1 DOCKER_GRADLE_VERSION=9.3.1
# Check if 25 is intended (Early Access) or if LTS 21 was meant # Java 25 = Early Access; für LTS auf 21 setzen
DOCKER_JAVA_VERSION=25 DOCKER_JAVA_VERSION=25
DOCKER_NODE_VERSION=24.12.0 DOCKER_NODE_VERSION=24.12.0
DOCKER_NGINX_VERSION=1.28.0-alpine # Caddy Version für den Web-App Container
DOCKER_CADDY_VERSION=2.11-alpine
# ARM64 spezifische JVM-Optionen (leer lassen auf x86/amd64, z.B. auf Apple Silicon)
# Beispiel ARM64: JVM_OPTS_ARM64=-XX:UseSVE=0
JVM_OPTS_ARM64=
# Postgres # --- POSTGRES ---
POSTGRES_IMAGE=postgres:16-alpine POSTGRES_IMAGE=postgres:16-alpine
POSTGRES_USER=pg-user POSTGRES_USER=<DB_USER>
POSTGRES_PASSWORD=pg-password POSTGRES_PASSWORD=<SICHERES_PASSWORT>
POSTGRES_DB=pg-meldestelle-db POSTGRES_DB=pg-meldestelle-db
POSTGRES_PORT=5432:5432 POSTGRES_PORT=5432:5432
POSTGRES_DB_URL=jdbc:postgresql://postgres:5432/pg-meldestelle-db POSTGRES_DB_URL=jdbc:postgresql://postgres:5432/pg-meldestelle-db
# PostgreSQL Performance Tuning
POSTGRES_SHARED_BUFFERS=256MB
POSTGRES_EFFECTIVE_CACHE_SIZE=768MB
# --- VALKEY (formerly Redis) --- # --- VALKEY (formerly Redis) ---
VALKEY_IMAGE=valkey/valkey:9-alpine VALKEY_IMAGE=valkey/valkey:9-alpine
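Review bot: the JVM_OPTS_ARM64 comment contradicts itself: "leer lassen auf x86/amd64, z.B. auf Apple Silicon" gives Apple Silicon as an example of where to leave the value empty, but Apple Silicon is ARM64 and is exactly where `-XX:UseSVE=0` would be set. Suggest "leer lassen auf x86/amd64; auf ARM64 (z.B. Apple Silicon) setzen". Three smaller points in the same hunk: POSTGRES_USER and POSTGRES_PASSWORD now use placeholders, but POSTGRES_DB_URL still hard-codes pg-meldestelle-db, so whoever changes POSTGRES_DB must also remember to edit the URL (a comment pointing that out would help); POSTGRES_PORT=5432:5432 publishes the database on every host interface, so the example should read 127.0.0.1:5432:5432 unless remote access is intended; and the new POSTGRES_SHARED_BUFFERS / POSTGRES_EFFECTIVE_CACHE_SIZE variables only take effect if the compose file passes them to postgres (e.g. `-c shared_buffers=${POSTGRES_SHARED_BUFFERS}`). That file is not part of this change, so worth confirming they are consumed rather than being dead configuration.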
@ -42,7 +51,7 @@ VALKEY_SERVER_HOSTNAME=valkey
VALKEY_SERVER_PORT=6379 VALKEY_SERVER_PORT=6379
VALKEY_SERVER_CONNECT_TIMEOUT=5s VALKEY_SERVER_CONNECT_TIMEOUT=5s
VALKEY_POLICY=allkeys-lru VALKEY_POLICY=allkeys-lru
VALKEY_MAXMEMORY=256mb VALKEY_MAX_MEMORY=256mb
# --- KEYCLOAK --- # --- KEYCLOAK ---
KEYCLOAK_IMAGE_TAG=26.4 KEYCLOAK_IMAGE_TAG=26.4
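Review bot: VALKEY_MAXMEMORY is renamed to VALKEY_MAX_MEMORY, but the compose file that consumes it is not in this change (only .env.example, the Caddyfile and config.json are touched). If the old name is still referenced there, the memory limit silently becomes unset and VALKEY_POLICY=allkeys-lru has nothing to evict against. Either update the consumer in the same commit or keep the old name.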
@ -56,8 +65,9 @@ KC_ADMIN_PASSWORD=<SICHERES_PASSWORT>
KC_DB=postgres KC_DB=postgres
KC_DB_SCHEMA=keycloak KC_DB_SCHEMA=keycloak
KC_DB_PASSWORD=<SICHERES_PASSWORT> KC_DB_PASSWORD=<SICHERES_PASSWORT>
# SERVER: Public Domain (z.B. auth.mo-code.at) - ohne http/https Prefix! # SERVER: Public Domain (z.B. auth.mo-code.at) ohne http/https Prefix!
# LOKAL: localhost # LOKAL: localhost
# SERVER: auth.mo-code.at
KC_HOSTNAME=<SERVER_IP_ODER_DOMAIN> KC_HOSTNAME=<SERVER_IP_ODER_DOMAIN>
# false = Zugriff über beliebige Hostnamen erlaubt (nötig ohne TLS / für HTTP-Betrieb) # false = Zugriff über beliebige Hostnamen erlaubt (nötig ohne TLS / für HTTP-Betrieb)
KC_HOSTNAME_STRICT=false KC_HOSTNAME_STRICT=false
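Review bot: the comment on KC_HOSTNAME_STRICT=false ties the setting to HTTP/no-TLS operation, but what it controls is whether Keycloak may derive its hostname from the incoming Host header; serving plain HTTP is the separate KC_HTTP_ENABLED setting. Left at false in the SERVER case, the issuer and redirect URLs Keycloak emits can follow whatever Host header reaches it through the proxy. Suggest the comment state that false is for LOKAL only and that the server deployment sets KC_HOSTNAME=auth.mo-code.at together with KC_HOSTNAME_STRICT=true. Dropping the duplicated "# SERVER: auth.mo-code.at" line is fine, the information is already in the comment above it.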
@ -69,22 +79,34 @@ KC_MANAGEMENT_PORT=9000:9000
# Public Issuer URI: muss mit dem Hostname übereinstimmen, den Browser/App sieht # Public Issuer URI: muss mit dem Hostname übereinstimmen, den Browser/App sieht
# LOKAL: http://localhost:8180/realms/meldestelle # LOKAL: http://localhost:8180/realms/meldestelle
# SERVER: https://auth.mo-code.at/realms/meldestelle (via Pangolin) # SERVER: https://auth.mo-code.at/realms/meldestelle (via Pangolin)
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://<SERVER_IP_ODER_DOMAIN>:8180/realms/meldestelle KC_ISSUER_URI=http://<SERVER_IP_ODER_DOMAIN>:8180/realms/meldestelle
# SERVER: https://auth.mo-code.at/realms/meldestelle
# Internal JWK Set URI: Service-zu-Service innerhalb Docker (immer keycloak:8080) # Internal JWK Set URI: Service-zu-Service innerhalb Docker (immer keycloak:8080)
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs KC_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs
# --- CONSUL --- # --- CONSUL ---
CONSUL_IMAGE=hashicorp/consul:1.22.1 CONSUL_IMAGE=hashicorp/consul:1.22.1
CONSUL_PORT=8500:8500 CONSUL_PORT=8500:8500
CONSUL_UDP_PORT=8600:8600/udp CONSUL_UDP_PORT=8600:8600/udp
CONSUL_HOST=consul CONSUL_HOST=consul
# Separater HTTP-Port (ohne Mapping) für Service-zu-Service Kommunikation (ping-service)
CONSUL_HTTP_PORT=8500
# --- Zipkin --- # --- SPRING CLOUD CONSUL (api-gateway) ---
SPRING_CLOUD_CONSUL_HOST=consul
SPRING_CLOUD_CONSUL_PORT=8500
SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME=api-gateway
SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS=true
# --- ZIPKIN ---
ZIPKIN_IMAGE=openzipkin/zipkin:3 ZIPKIN_IMAGE=openzipkin/zipkin:3
ZIPKIN_HEAP=256m ZIPKIN_MIN_HEAP=256M
ZIPKIN_MAX_HEAP=512M
ZIPKIN_PORT=9411:9411 ZIPKIN_PORT=9411:9411
ZIPKIN_ENDPOINT=http://zipkin:9411/api/v2/spans
ZIPKIN_SAMPLING_PROBABILITY=1.0
# --- Mailpit --- # --- MAILPIT ---
MAILPIT_IMAGE=axllent/mailpit:v1.29 MAILPIT_IMAGE=axllent/mailpit:v1.29
MAILPIT_WEB_PORT=8025:8025 MAILPIT_WEB_PORT=8025:8025
MAILPIT_SMTP_PORT=1025:1025 MAILPIT_SMTP_PORT=1025:1025
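Review bot: renaming SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI to KC_ISSUER_URI and ..._JWT_JWK_SET_URI to KC_JWK_SET_URI changes how the values reach the services: the old names are Spring Boot relaxed-binding property names that the resource server reads straight from the environment, whereas KC_* is not a property Spring knows, so it only works if application.yml or the compose environment maps it back (e.g. `spring.security.oauth2.resourceserver.jwt.issuer-uri: ${KC_ISSUER_URI}`). The same applies to ZIPKIN_HEAP becoming ZIPKIN_MIN_HEAP / ZIPKIN_MAX_HEAP. None of the consumers are in this diff, so please confirm. One documentation point: ZIPKIN_SAMPLING_PROBABILITY=1.0 deserves a comment that 100 % sampling is a development default, since the file otherwise labels LOKAL and SERVER values carefully.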
@ -92,7 +114,7 @@ MAILPIT_SMTP_PORT=1025:1025
# --- PGADMIN --- # --- PGADMIN ---
PGADMIN_IMAGE=dpage/pgadmin4:8 PGADMIN_IMAGE=dpage/pgadmin4:8
PGADMIN_EMAIL=meldestelle@mo-code.at PGADMIN_EMAIL=meldestelle@mo-code.at
PGADMIN_PASSWORD=pgadmin PGADMIN_PASSWORD=<SICHERES_PASSWORT>
PGADMIN_PORT=8888:80 PGADMIN_PORT=8888:80
# --- POSTGRES-EXPORTER --- # --- POSTGRES-EXPORTER ---
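Review bot: the placeholder for PGADMIN_PASSWORD is the right change. PGADMIN_PORT=8888:80 still publishes the pgAdmin UI on all host interfaces; since pgAdmin stores database credentials, the example should bind it to loopback (127.0.0.1:8888:80) or state that the mapping is dev-only, consistent with whatever is decided for the Postgres port.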
@ -109,7 +131,7 @@ PROMETHEUS_PORT=9090:9090
# --- GRAFANA --- # --- GRAFANA ---
GF_IMAGE=grafana/grafana:12.3 GF_IMAGE=grafana/grafana:12.3
GF_ADMIN_USER=gf-admin GF_ADMIN_USER=gf-admin
GF_ADMIN_PASSWORD=gf-password GF_ADMIN_PASSWORD=<SICHERES_PASSWORT>
GF_PORT=3000:3000 GF_PORT=3000:3000
# --- API-GATEWAY --- # --- API-GATEWAY ---
@ -118,9 +140,6 @@ GATEWAY_DEBUG_PORT=5005:5005
GATEWAY_SERVER_PORT=8081 GATEWAY_SERVER_PORT=8081
GATEWAY_SPRING_PROFILES_ACTIVE=docker GATEWAY_SPRING_PROFILES_ACTIVE=docker
GATEWAY_DEBUG=true GATEWAY_DEBUG=true
GATEWAY_SERVICE_NAME=api-gateway
GATEWAY_CONSUL_HOSTNAME=api-gateway
GATEWAY_CONSUL_PREFER_IP=true
# --- PING-SERVICE --- # --- PING-SERVICE ---
PING_SPRING_PROFILES_ACTIVE=docker PING_SPRING_PROFILES_ACTIVE=docker
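Review bot: GATEWAY_SERVICE_NAME, GATEWAY_CONSUL_HOSTNAME and GATEWAY_CONSUL_PREFER_IP are dropped in favour of the SPRING_CLOUD_CONSUL_* block added earlier in this file, while the ping-service section keeps PING_SERVICE_NAME and PING_CONSUL_PREFER_IP, so the two services now use two different conventions for the same Consul settings. Either give ping-service the same treatment or add a comment explaining the difference. Separately, GATEWAY_DEBUG=true together with GATEWAY_DEBUG_PORT=5005:5005 leaves a JDWP debug listener published by default; an unauthenticated JDWP port allows arbitrary code execution in the JVM, so the example should default to GATEWAY_DEBUG=false or bind the port to 127.0.0.1 (the same applies to PING_DEBUG in the next hunk).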
@ -129,20 +148,20 @@ PING_DEBUG_PORT=5006:5006
PING_SERVER_PORT=8082 PING_SERVER_PORT=8082
PING_DEBUG=true PING_DEBUG=true
PING_SERVICE_NAME=ping-service PING_SERVICE_NAME=ping-service
PING_CONSUL_HOSTNAME=ping-service
PING_CONSUL_PREFER_IP=true PING_CONSUL_PREFER_IP=true
# --- WEB-APP --- # --- WEB-APP ---
CADDY_VERSION=2.11-alpine
WEB_APP_PORT=4000:4000 WEB_APP_PORT=4000:4000
WEB_BUILD_PROFILE=dev
# URL für API-Zugriffe vom Browser (Public URL via Pangolin) # URL für API-Zugriffe vom Browser (Public URL via Pangolin)
# LOKAL: http://localhost:8081 # LOKAL: http://localhost:8081
# SERVER: https://api.mo-code.at # SERVER: https://api.mo-code.at
# SERVER: https://app.mo-code.at (API-Proxy läuft in Caddy unter /api/* gleiche Domain, kein CORS!)
# ALTERNATIV (eigene Domain): https://api.mo-code.at → dann separaten Pangolin-Route anlegen
WEB_APP_API_URL=http://localhost:8081 WEB_APP_API_URL=http://localhost:8081
# URL für Keycloak-Zugriffe vom Browser (Public URL via Pangolin) # URL für Keycloak-Zugriffe vom Browser (Public URL via Pangolin)
# LOKAL: http://localhost:8180 # LOKAL: http://localhost:8180
# SERVER: https://auth.mo-code.at # SERVER: https://auth.mo-code.at
# SERVER: https://auth.mo-code.at → Pangolin-Route: auth.mo-code.at → http://10.0.0.50:8180
WEB_APP_KEYCLOAK_URL=http://localhost:8180 WEB_APP_KEYCLOAK_URL=http://localhost:8180
# --- DESKTOP-APP --- # --- DESKTOP-APP ---
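Review bot: the new file carries two conflicting SERVER examples for WEB_APP_API_URL: the unchanged "# SERVER: https://api.mo-code.at" line and, directly below it, "# SERVER: https://app.mo-code.at (... gleiche Domain, kein CORS!)", followed by an ALTERNATIV line that names api.mo-code.at again. Drop the first SERVER line so the same-origin proxy is the documented default and api.mo-code.at appears only under ALTERNATIV. Removing the Pangolin route comment with the internal address 10.0.0.50 from the example is good. WEB_BUILD_PROFILE=dev and CADDY_VERSION are removed (CADDY_VERSION looks superseded by DOCKER_CADDY_VERSION); confirm the web-app Dockerfile and compose file no longer read either name.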

View File

@ -1,40 +1,43 @@
{ {
# Global options # TLS wird durch Pangolin/Traefik auf dem VPS terminiert hier kein HTTPS nötig
auto_https off auto_https off
servers { servers {
metrics metrics
} }
} }
:4000 { :4000 {
# Root directory # Root-Verzeichnis für statische Assets
root * /usr/share/caddy root * /usr/share/caddy
# Logging # Logging (strukturiert, JSON)
log { log {
output stdout output stdout
format json format json
} }
# Compression # Komprimierung
encode gzip zstd encode gzip zstd
# Configuration Template # Caddy-Template-Engine für config.json (liefert API_BASE_URL & KEYCLOAK_URL an den Browser)
templates { templates {
mime application/json mime application/json
} }
# API Proxy (has priority) # API-Proxy (höchste Priorität vor dem SPA-Fallback)
handle /api/* { handle /api/* {
reverse_proxy api-gateway:8081 reverse_proxy api-gateway:8081
} }
# Health Check # Health-Check-Endpunkt (für Pangolin Health-Check konfigurieren: GET /health)
handle /health { handle /health {
respond "healthy" 200 respond "healthy" 200
} }
# Serve static files if they exist, otherwise serve index.html (SPA) # SPA-Fallback: existierende Dateien direkt ausliefern, sonst index.html
file_server handle {
try_files {path} /index.html try_files {path} /index.html
file_server
}
} }
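Review bot: `templates { mime application/json }` sits at site level without a path matcher, and Caddy's directive order places templates before handle, so it also wraps the `handle /api/*` reverse proxy: any application/json response from api-gateway whose body contains `{{ ... }}` would be evaluated by Caddy's template engine, which exposes `env` and other functions. Since the only intended target is config.json, scope it with a matcher, e.g. `templates /config.json { mime application/json }`, or move it into a dedicated `handle /config.json` block. The SPA fallback restructuring (`handle { try_files {path} /index.html` then `file_server }`) is correct, and the top comment that TLS is terminated by Pangolin/Traefik is consistent with `auto_https off`; it would be worth adding to the /health comment that the endpoint is therefore plain HTTP on :4000.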

View File

@ -1,10 +1,4 @@
{ {
"apiBaseUrl": "{{env " "apiBaseUrl": "{{env `API_BASE_URL`}}",
API_BASE_URL "keycloakUrl": "{{env `KEYCLOAK_URL`}}"
" | default "
"}}",
"keycloakUrl": "{{env "
KEYCLOAK_URL
" | default "
"}}"
} }
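Review bot: removing `| default "..."` means an unset API_BASE_URL or KEYCLOAK_URL now renders as an empty string, so the browser silently receives `"apiBaseUrl": ""` and sends requests to the page origin with no visible error. If no default is wanted, fail loudly instead: check both variables in the container entrypoint before Caddy starts, or keep a sentinel default that the app rejects. Switching to backtick-quoted names is the right fix for nesting quotes inside a JSON string value.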