# ===================================================================
# Environment Configuration Template - Meldestelle Project
# ===================================================================
# Copy this file to .env and customize the values for your environment
# Security Note: Never commit .env files containing production secrets!
# This template deliberately holds no credentials: every password and
# secret is provisioned through Docker secrets (see "Security Configuration").
# ===================================================================

# ===================================================================
# Build Configuration
# ===================================================================

# Docker image versions (pinned so builds are reproducible; bump deliberately
# and review release notes for security fixes when doing so)
DOCKER_GRADLE_VERSION=9.0.0
DOCKER_JAVA_VERSION=21
DOCKER_KEYCLOAK_VERSION=26.4.0
DOCKER_PROMETHEUS_VERSION=v2.54.1
DOCKER_GRAFANA_VERSION=11.3.0

# Application version
DOCKER_APP_VERSION=1.0.0
APP_VERSION=1.0.0
APP_NAME=Meldestelle

# Build metadata
# BUILD_DATE will be auto-generated if not set (leave empty unless you need
# a fixed timestamp, e.g. for reproducible builds)
BUILD_DATE=

# Spring profiles for services
# SPRING_PROFILES_ACTIVE selects the profiles the services start with;
# "keycloak" presumably switches authentication to the Keycloak realm
# configured below — confirm against the services' application-*.yml files.
SPRING_PROFILES_ACTIVE=docker,keycloak
DOCKER_SPRING_PROFILES_DEFAULT=default
DOCKER_SPRING_PROFILES_DOCKER=docker

# ===================================================================
# Infrastructure Services - Port Configuration
# ===================================================================

# Database
POSTGRES_DB=meldestelle
# Note: Username and password are now managed via Docker secrets

# Redis Cache
REDIS_PORT=6379

# Keycloak Authentication
KEYCLOAK_PORT=8180
# Log level for the Keycloak container; DEBUG can leak token and request
# details into logs, so keep INFO (or higher) outside of local debugging.
KEYCLOAK_LOG_LEVEL=INFO

# Service Discovery
CONSUL_HOST=consul
CONSUL_PORT=8500
CONSUL_ENABLED=true

# Messaging
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_PORT=9092
# Single-broker defaults: a replication factor of 1 keeps only one copy of
# the offsets topic, so there is no redundancy. Raise it (and use distinct
# broker ids) when running more than one broker in production.
KAFKA_BROKER_ID=1
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1

# Monitoring
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000

# ===================================================================
# Application Services - Port Configuration
# ===================================================================

# API Gateway
GATEWAY_HOST=api-gateway
GATEWAY_PORT=8081

# Microservices
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
MONITORING_SERVER_PORT=8088

# ===================================================================
# Client Applications - Port Configuration
# ===================================================================

# Web Application
WEB_APP_PORT=4000
# "localhost" is only meaningful for local runs. Set the real public
# hostname before deploying; NOTE(review): this value is presumably used for
# CORS / redirect-URI checks, so a stale value can either break logins or
# loosen origin validation — confirm where it is consumed in the compose files.
WEB_APP_DOMAIN=localhost
NODE_ENV=production

# Nginx Configuration
NGINX_WORKER_PROCESSES=auto
NGINX_WORKER_CONNECTIONS=1024

# Desktop Application
# The desktop app is reached over VNC (web front-end on 6080, raw VNC on
# 5901). The access URL listed below is plain http; NOTE(review): confirm
# both ports are bound to loopback or placed behind authentication and TLS
# before exposing them beyond a developer workstation.
DESKTOP_VNC_WEB_PORT=6080
DESKTOP_VNC_PORT=5901
DESKTOP_APP_DOMAIN=localhost

# ===================================================================
# Security Configuration
# ===================================================================

# JWT Configuration
# Issuer and audience are the claim values the services expect in incoming
# tokens; they must match what the auth server actually issues, otherwise
# token validation fails.
JWT_ISSUER=meldestelle-auth-server
JWT_AUDIENCE=meldestelle-services
# Note: JWT_SECRET is now managed via Docker secrets
# Generate with: openssl rand -hex 32

# Keycloak Configuration
KEYCLOAK_REALM=meldestelle
KEYCLOAK_CLIENT_ID=api-gateway
# Note: All passwords and secrets are now managed via Docker secrets
# Run: ./docker/secrets/setup-secrets.sh to generate secure secrets

# ===================================================================
# Data Storage Configuration
# ===================================================================

# Data directory for persistent volumes
# Default: ./data (relative to project root)
# Production: /var/lib/meldestelle or dedicated mount point
# Whatever path is chosen should be owned by the container users and not
# world-readable, since it holds the PostgreSQL and Keycloak data.
DATA_PATH=./data

# Volume configuration
# These directories will be created under DATA_PATH:
# - postgres/ (PostgreSQL data)
# - redis/ (Redis data)
# - prometheus/ (Prometheus metrics)
# - grafana/ (Grafana dashboards)
# - keycloak/ (Keycloak data)
# - consul/ (Consul data)
# - monitoring/ (Custom monitoring data)
# - desktop-app/ (Desktop application data)

# ===================================================================
# Development and Testing
# ===================================================================

# Enable debug mode for Java applications
# NOTE(review): this presumably enables a remote-debug (JDWP) listener in
# the containers — keep false in any shared or production environment, and
# confirm in the compose files that the debug port is not published.
DEBUG=false

# Enable Wasm compilation for client applications
ENABLE_WASM=false

# ===================================================================
# Production Deployment Settings
# ===================================================================

# Container resource limits (configured in docker-compose files)
# These are documented here for reference:

# Infrastructure Services Resource Limits:
# - postgres: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - redis: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - keycloak: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 1GB RAM)
# - consul: 1 CPU, 512MB RAM (reserved: 0.25 CPU, 128MB RAM)
# - kafka: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - zookeeper: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - prometheus: 1 CPU, 2GB RAM (reserved: 0.25 CPU, 512MB RAM)
# - grafana: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - api-gateway: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 1GB RAM)

# Microservices Resource Limits:
# - ping-service: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - members-service: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - horses-service: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - events-service: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - masterdata-service: 1.5 CPU, 1.5GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - auth-server: 1.5 CPU, 1.5GB RAM (reserved: 0.5 CPU, 512MB RAM)

# Client Applications Resource Limits:
# - web-app: 1 CPU, 512MB RAM (reserved: 0.25 CPU, 128MB RAM)
# - desktop-app: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - monitoring-server: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)

# ===================================================================
# Security Notes
# ===================================================================
# 1. All passwords and secrets are managed via Docker secrets
# 2. Run ./docker/secrets/setup-secrets.sh to generate secure credentials
# 3. Containers run as non-root users where possible
# 4. Security options: no-new-privileges enabled for all services
# 5. Networks are isolated with custom subnet (172.20.0.0/16)
# 6. Volumes have proper permissions and are mounted read-only where appropriate
# 7. Health checks are configured for all services
# 8. Resource limits prevent resource exhaustion attacks
# The statements above describe the compose files, not this template; when
# the compose files change, re-check them rather than trusting this list.

# ===================================================================
# Usage Instructions
# ===================================================================
# 1. Copy this file: cp .env.template .env
# 2. Customize values in .env for your environment
# 3. Generate secrets: ./docker/secrets/setup-secrets.sh --all
# 4. Create data directories: mkdir -p ./data/{postgres,redis,prometheus,grafana,keycloak,consul}
#    NOTE(review): the Volume configuration section above also lists
#    monitoring/ and desktop-app/ under DATA_PATH; add them to this command
#    if the compose files expect them to exist before the first start.
# 5. Deploy infrastructure: docker-compose -f docker-compose.yml.optimized up -d
# 6. Deploy services: docker-compose -f docker-compose.yml.optimized -f docker-compose.services.yml.optimized up -d
# 7. Deploy clients: docker-compose -f docker-compose.yml.optimized -f docker-compose.services.yml.optimized -f docker-compose.clients.yml.optimized up -d

# ===================================================================
# Monitoring and Logging
# ===================================================================
# Access URLs (when running with default ports):
# - Grafana Dashboard: http://localhost:3000 (admin credentials in secrets)
# - Prometheus Metrics: http://localhost:9090
# - Consul UI: http://localhost:8500
# - Keycloak Admin: http://localhost:8180/admin (admin credentials in secrets)
# - API Gateway: http://localhost:8081
# - Web Application: http://localhost:4000
# - Desktop VNC: http://localhost:6080
# NOTE(review): the Prometheus, Consul and VNC URLs are listed without any
# credentials and all URLs are plain http. For anything other than a local
# setup, confirm these ports are not published on non-loopback interfaces,
# or put them behind the gateway / a reverse proxy with authentication and TLS.

# Log locations (inside containers):
# - Application logs: /app/logs/
# - Nginx logs: /var/log/nginx/
# - System logs: journalctl -u docker