# ===================================================================
# Environment Configuration Template - Meldestelle Project
# ===================================================================
# Copy this file to .env and customize the values for your environment.
# Security Note: Never commit .env files containing production secrets!
# Keep .env out of version control (add it to .gitignore) and restrict its file
# permissions (e.g. chmod 600 .env); this template must contain only non-secret defaults.
# ===================================================================
# ===================================================================
# Build Configuration
# ===================================================================
# Docker image versions - keep these pinned to exact versions (never "latest") so that
# deployments are reproducible and base-image upgrades are a deliberate, reviewed change.
DOCKER_GRADLE_VERSION=9.0.0
DOCKER_JAVA_VERSION=21
DOCKER_KEYCLOAK_VERSION=26.4.0
DOCKER_PROMETHEUS_VERSION=v2.54.1
DOCKER_GRAFANA_VERSION=11.3.0
# Application version
DOCKER_APP_VERSION=1.0.0
APP_VERSION=1.0.0
APP_NAME=Meldestelle
# Build metadata
BUILD_DATE=
# BUILD_DATE will be auto-generated if not set
# Spring profiles for services
SPRING_PROFILES_ACTIVE=docker,keycloak
DOCKER_SPRING_PROFILES_DEFAULT=default
DOCKER_SPRING_PROFILES_DOCKER=docker
# ===================================================================
# Infrastructure Services - Port Configuration
# These are the ports the compose files wire the services up with. Infrastructure
# services (database, cache, messaging, service discovery, monitoring) should stay on
# the internal Docker network; check the published port mappings in the compose files
# before running this stack on a host that other machines can reach.
# ===================================================================
# Database
POSTGRES_DB=meldestelle
# Note: The database username and password are not set here; they are supplied via
# Docker secrets (see ./docker/secrets/setup-secrets.sh). Do not add database
# credentials to .env.
# Redis Cache
REDIS_PORT=6379
# Keycloak Authentication
KEYCLOAK_PORT=8180
KEYCLOAK_LOG_LEVEL=INFO
# Service Discovery
CONSUL_HOST=consul
CONSUL_PORT=8500
CONSUL_ENABLED=true
# Messaging (single-broker defaults: a replication factor of 1 gives no redundancy,
# raise it when running more than one Kafka broker in production)
ZOOKEEPER_CLIENT_PORT=2181
KAFKA_PORT=9092
KAFKA_BROKER_ID=1
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
# Monitoring
PROMETHEUS_PORT=9090
GRAFANA_PORT=3000
# ===================================================================
# Application Services - Port Configuration
# ===================================================================
# API Gateway
GATEWAY_HOST=api-gateway
GATEWAY_PORT=8081
# Microservices
PING_SERVICE_PORT=8082
MEMBERS_SERVICE_PORT=8083
HORSES_SERVICE_PORT=8084
EVENTS_SERVICE_PORT=8085
MASTERDATA_SERVICE_PORT=8086
AUTH_SERVICE_PORT=8087
MONITORING_SERVER_PORT=8088
# ===================================================================
# Client Applications - Port Configuration
# ===================================================================
# Web Application
# WEB_APP_DOMAIN defaults to localhost for local use; set it to the real public
# hostname for any deployment that other machines reach.
WEB_APP_PORT=4000
WEB_APP_DOMAIN=localhost
NODE_ENV=production
# Nginx Configuration
NGINX_WORKER_PROCESSES=auto
NGINX_WORKER_CONNECTIONS=1024
# Desktop Application (delivered over VNC / web VNC on the ports below).
# These ports give interactive desktop access: never publish them on a public
# interface without authentication and TLS in front of them; keep them on the
# internal network or reachable only via VPN / the gateway.
DESKTOP_VNC_WEB_PORT=6080
DESKTOP_VNC_PORT=5901
DESKTOP_APP_DOMAIN=localhost
# ===================================================================
# Security Configuration
# ===================================================================
# JWT Configuration
# Expected issuer/audience claim values. Presumably every service that validates
# tokens checks against these, so change them consistently across the whole deployment.
JWT_ISSUER=meldestelle-auth-server
JWT_AUDIENCE=meldestelle-services
# Note: JWT_SECRET is not set here; it is supplied via Docker secrets.
# If you must generate one by hand, use at least 256 bits of randomness:
#   openssl rand -hex 32
# Keycloak Configuration
KEYCLOAK_REALM=meldestelle
KEYCLOAK_CLIENT_ID=api-gateway
# Note: All passwords and secrets are now managed via Docker secrets
# Run: ./docker/secrets/setup-secrets.sh to generate secure secrets
# ===================================================================
# Data Storage Configuration
# ===================================================================
# Data directory for persistent volumes
# Default: ./data (relative to project root)
# Production: /var/lib/meldestelle or a dedicated mount point
# This directory holds the database files, Keycloak data and Grafana state: make it
# writable only by the accounts the containers run as, and include it in backups.
DATA_PATH=./data
# Volume configuration
# These directories will be created under DATA_PATH:
# - postgres/ (PostgreSQL data)
# - redis/ (Redis data)
# - prometheus/ (Prometheus metrics)
# - grafana/ (Grafana dashboards)
# - keycloak/ (Keycloak data)
# - consul/ (Consul data)
# - monitoring/ (Custom monitoring data)
# - desktop-app/ (Desktop application data)
# ===================================================================
# Development and Testing
# ===================================================================
# Enable debug mode for Java applications. Keep this false outside development:
# debug mode typically exposes a remote-debug port and produces verbose output -
# confirm what the compose files do with this flag before enabling it anywhere shared.
DEBUG=false
# Enable Wasm compilation for client applications
ENABLE_WASM=false
# ===================================================================
# Production Deployment Settings
# ===================================================================
# Container resource limits (configured in docker-compose files)
# These are documented here for reference:
# Infrastructure Services Resource Limits:
# - postgres: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - redis: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - keycloak: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 1GB RAM)
# - consul: 1 CPU, 512MB RAM (reserved: 0.25 CPU, 128MB RAM)
# - kafka: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - zookeeper: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - prometheus: 1 CPU, 2GB RAM (reserved: 0.25 CPU, 512MB RAM)
# - grafana: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - api-gateway: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 1GB RAM)
# Microservices Resource Limits:
# - ping-service: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# - members-service: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - horses-service: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - events-service: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - masterdata-service: 1.5 CPU, 1.5GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - auth-server: 1.5 CPU, 1.5GB RAM (reserved: 0.5 CPU, 512MB RAM)
# Client Applications Resource Limits:
# - web-app: 1 CPU, 512MB RAM (reserved: 0.25 CPU, 128MB RAM)
# - desktop-app: 2 CPU, 2GB RAM (reserved: 0.5 CPU, 512MB RAM)
# - monitoring-server: 1 CPU, 1GB RAM (reserved: 0.25 CPU, 256MB RAM)
# ===================================================================
# Security Notes
# ===================================================================
# 1. All passwords and secrets are managed via Docker secrets; none belong in .env
# 2. Run ./docker/secrets/setup-secrets.sh to generate secure credentials
# 3. Containers run as non-root users where possible
# 4. Security options: no-new-privileges is set for all services
# 5. Services communicate over a dedicated Docker network (custom subnet 172.20.0.0/16);
#    a custom subnet by itself does not isolate services from each other or from the
#    host, so verify the network definitions and published ports in the compose files
# 6. Volumes have proper permissions and are mounted read-only where appropriate
# 7. Health checks are configured for all services
# 8. Resource limits bound the impact of resource exhaustion (they do not prevent it)
# ===================================================================
# Usage Instructions
# ===================================================================
# 1. Copy this file: cp .env.template .env
# 2. Customize values in .env for your environment
# 3. Generate secrets: ./docker/secrets/setup-secrets.sh --all
# 4. Create data directories (under DATA_PATH if you changed it; see Data Storage Configuration):
#    mkdir -p ./data/{postgres,redis,prometheus,grafana,keycloak,consul,monitoring,desktop-app}
#    and make sure they are writable only by the accounts the containers run as
# 5. Deploy infrastructure: docker-compose -f docker-compose.yml.optimized up -d
# 6. Deploy services: docker-compose -f docker-compose.yml.optimized -f docker-compose.services.yml.optimized up -d
# 7. Deploy clients: docker-compose -f docker-compose.yml.optimized -f docker-compose.services.yml.optimized -f docker-compose.clients.yml.optimized up -d
# ===================================================================
# Monitoring and Logging
# ===================================================================
# Access URLs (when running with default ports, from the local machine).
# All of these are plain http, and Prometheus and the Consul UI have no authentication
# of their own by default: do not expose them beyond localhost / the internal network,
# and put TLS and authentication in front of anything that must be reachable remotely.
# - Grafana Dashboard: http://localhost:3000 (admin credentials in secrets)
# - Prometheus Metrics: http://localhost:9090
# - Consul UI: http://localhost:8500
# - Keycloak Admin: http://localhost:8180/admin (admin credentials in secrets)
# - API Gateway: http://localhost:8081
# - Web Application: http://localhost:4000
# - Desktop VNC: http://localhost:6080
# Log locations:
# - Application logs (inside containers): /app/logs/
# - Nginx logs (inside containers): /var/log/nginx/
# - Docker daemon logs (on the host): journalctl -u docker