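# ==========================================
# Meldestelle – Docker Compose Environment
# Single Source of Truth (SSoT)
# ==========================================
# INSTRUCTIONS:
# 1. Copy this file to ".env": cp .env.example .env
# 2. Replace every <PLACEHOLDER> value with a real value
# 3. For local development: KC_COMMAND=start-dev --import-realm
#    For server/production: KC_COMMAND=start --optimized --import-realm
# WARNING: The .env file contains secrets – NEVER commit it to Git!
#
# NOTE(review): hardening checklist for the copied .env
#   - keep ".env" listed in .gitignore and readable by the deploy user only (chmod 600 .env)
#   - generate a separate random value for every secret placeholder; several keys below
#     share the same placeholder text, which must not turn into one shared password
#   - values of the form HOST_PORT:CONTAINER_PORT look like Docker port mappings; if the
#     compose file passes them to "ports:" unchanged, Docker publishes them on all host
#     interfaces. Prefix with 127.0.0.1: wherever remote access is not required.

# --- PROJECT ---
PROJECT_NAME=meldestelle
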
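# --- BACKUP ---
# SERVER: path to the backup directory (e.g. /home/<USER>/backups/meldestelle)
# NOTE(review): presumably holds database dumps – keep the directory owner-only
# (e.g. chmod 700) and off any web-served or world-readable path; confirm what is written here.
BACKUP_DIR=/home/<USER>/backups/meldestelle
# Number of days backups are kept (unit taken from the key name).
BACKUP_RETENTION_DAYS=7
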
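# --- DOCKER BUILD & REGISTRY ---
DOCKER_REGISTRY=git.mo-code.at/mocode-software/meldestelle
# NOTE(review): "latest" is a mutable tag – a server pulling it cannot tell which build it
# runs and picks up whatever was pushed last. For server deployments prefer an immutable
# version tag or an image digest.
DOCKER_TAG=latest
DOCKER_VERSION=1.0.0-SNAPSHOT
DOCKER_BUILD_DATE=2026-03-15T12:00:00Z
DOCKER_GRADLE_VERSION=9.3.1
DOCKER_JAVA_VERSION=25
DOCKER_NODE_VERSION=24.12.0
DOCKER_CADDY_VERSION=2.11-alpine
# ARM64-specific JVM options (leave empty on x86/amd64; set e.g. on Apple Silicon)
# Example ARM64: JVM_OPTS_ARM64=-XX:UseSVE=0
JVM_OPTS_ARM64=
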
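# --- POSTGRES ---
POSTGRES_IMAGE=postgres:16-alpine
POSTGRES_USER=<DB_USER>
# Use a long random password that is not reused for any other service in this file.
POSTGRES_PASSWORD=<SICHERES_PASSWORT>
POSTGRES_DB=pg-meldestelle-db
# NOTE(review): HOST:CONTAINER mapping without a host address – presumably published on all
# host interfaces. The services reach the database via the Docker network (see POSTGRES_DB_URL),
# so on a server consider 127.0.0.1:5432:5432 or no published port at all.
POSTGRES_PORT=5432:5432
POSTGRES_DB_URL=jdbc:postgresql://postgres:5432/pg-meldestelle-db
# PostgreSQL performance tuning
POSTGRES_SHARED_BUFFERS=256MB
POSTGRES_EFFECTIVE_CACHE_SIZE=768MB
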
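# --- VALKEY ---
VALKEY_IMAGE=valkey/valkey:9-alpine
# Use a long random password that is not reused for any other service in this file.
VALKEY_PASSWORD=<SICHERES_PASSWORT>
# NOTE(review): HOST:CONTAINER mapping without a host address – presumably published on all
# host interfaces. Clients inside Docker use VALKEY_SERVER_HOSTNAME/VALKEY_SERVER_PORT, so on
# a server consider 127.0.0.1:6379:6379 or no published port.
VALKEY_PORT=6379:6379
VALKEY_SERVER_HOSTNAME=valkey
VALKEY_SERVER_PORT=6379
VALKEY_SERVER_CONNECT_TIMEOUT=5s
# Eviction policy and memory cap (names suggest maxmemory-policy / maxmemory – confirm in compose).
VALKEY_POLICY=allkeys-lru
VALKEY_MAX_MEMORY=256mb
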
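# --- KEYCLOAK ---
KEYCLOAK_IMAGE_TAG=26.5.5
KC_HEAP_MIN=512M
KC_HEAP_MAX=1024M
# LOCAL:  start-dev --import-realm
# SERVER: start --optimized --import-realm   ← pre-built registry image, no start-dev!
KC_COMMAND=start --optimized --import-realm
KC_ADMIN_USERNAME=kc-admin
KC_ADMIN_PASSWORD=<SICHERES_PASSWORT>
KC_DB=postgres
KC_DB_SCHEMA=keycloak
KC_DB_URL=jdbc:postgresql://postgres:5432/pg-meldestelle-db
# NOTE(review): same placeholder as POSTGRES_USER – if Keycloak and the application share one
# database role, a compromise of either exposes both schemas. Consider a dedicated role that
# owns only the "keycloak" schema.
KC_DB_USERNAME=<DB_USER>
KC_DB_PASSWORD=<SICHERES_PASSWORT>
# SERVER: public domain (e.g. auth.mo-code.at) – without http/https prefix!
# LOCAL:  localhost
# SERVER: auth.mo-code.at
KC_HOSTNAME=<SERVER_IP_ODER_DOMAIN>
# false = access via arbitrary hostnames is allowed (needed without TLS / for HTTP operation)
# NOTE(review): these defaults are the relaxed, HTTP-friendly settings, while KC_COMMAND above
# defaults to the server command. With strict hostname checking off, Keycloak can derive URLs
# from the incoming request; on a server behind TLS set KC_HOSTNAME and enable strict mode.
KC_HOSTNAME_STRICT=false
# NOTE(review): the matching Keycloak option belongs to the legacy hostname configuration –
# verify it is still honoured by the Keycloak version set in KEYCLOAK_IMAGE_TAG.
KC_HOSTNAME_STRICT_HTTPS=false
KC_PORT=8180:8080
# NOTE(review): presumably Keycloak's management interface (health/metrics) – TODO confirm.
# It is not meant for public clients; bind to 127.0.0.1 or do not publish it on a server.
KC_MANAGEMENT_PORT=9000:9000
# Keycloak client secrets (must match meldestelle-realm.json)
# NOTE(review): because the values must match the realm file, make sure the realm JSON kept in
# the repository contains placeholders only, never the real secrets.
KC_API_GATEWAY_CLIENT_SECRET=<SICHERES_SECRET>
# NOTE(review): looks like a client for manual API testing – confirm it is disabled or removed
# in production realms.
KC_POSTMAN_CLIENT_SECRET=<SICHERES_SECRET>
# Bootstrap admin user password (only for the realm import, change it afterwards!)
KC_BOOTSTRAP_ADMIN_PASSWORD=<SICHERES_PASSWORT>
# Frontend URL: public URL of Keycloak (used as token issuer in the browser)
# LOCAL:  http://localhost:8180
# SERVER: https://auth.mo-code.at
KC_FRONTEND_URL=http://localhost:8180
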
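# --- KEYCLOAK TOKEN VALIDATION ---
# Public issuer URI: must match the hostname that the browser/app sees
# LOCAL:  http://localhost:8180/realms/meldestelle
# SERVER: https://auth.mo-code.at/realms/meldestelle (via Pangolin)
# NOTE(review): the default below is plain http. Outside local development use the https
# issuer, otherwise logins and tokens cross the network unencrypted and the issuer claim
# will not match what services expect.
KC_ISSUER_URI=http://<SERVER_IP_ODER_DOMAIN>:8180/realms/meldestelle
# SERVER: https://auth.mo-code.at/realms/meldestelle
# Internal JWK Set URI: service-to-service inside Docker (always keycloak:8080)
# Signing keys are fetched over plain http here; that relies on the Docker network being
# reachable by trusted containers only.
KC_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs
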
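# --- CONSUL ---
CONSUL_IMAGE=hashicorp/consul:1.22.1
# NOTE(review): no ACL token or TLS setting for Consul appears in this file. If ACLs are not
# enabled elsewhere, anyone who can reach the published HTTP API can read and change the
# service catalog. On a server bind to 127.0.0.1 or do not publish; services use CONSUL_HOST.
CONSUL_PORT=8500:8500
CONSUL_UDP_PORT=8600:8600/udp
CONSUL_HOST=consul
# Separate HTTP port (without mapping) for service-to-service communication (ping-service)
CONSUL_HTTP_PORT=8500
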
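# --- SPRING CLOUD CONSUL (api-gateway) ---
# Consul endpoint and registration settings used by the api-gateway.
SPRING_CLOUD_CONSUL_HOST=consul
SPRING_CLOUD_CONSUL_PORT=8500
SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME=api-gateway
SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS=true
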
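# --- ZIPKIN ---
# NOTE(review): ":3" is a floating major tag; pin a full version or digest for reproducible
# server deployments.
ZIPKIN_IMAGE=openzipkin/zipkin:3
ZIPKIN_MIN_HEAP=256M
ZIPKIN_MAX_HEAP=512M
# NOTE(review): the Zipkin UI/API has no login of its own; on a server bind to 127.0.0.1 or
# put it behind an authenticating proxy.
ZIPKIN_PORT=9411:9411
ZIPKIN_ENDPOINT=http://zipkin:9411/api/v2/spans
# 1.0 = every request is traced. Traces can carry URLs and identifiers; lower the rate and
# review what is recorded before using this outside development.
ZIPKIN_SAMPLING_PROBABILITY=1.0
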
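# --- MAILPIT ---
# NOTE(review): Mailpit is a development mail catcher; every captured message is readable in
# its web UI. Keep both ports on 127.0.0.1 and do not run it on a public server without
# access control.
MAILPIT_IMAGE=axllent/mailpit:v1.29
MAILPIT_WEB_PORT=8025:8025
MAILPIT_SMTP_PORT=1025:1025
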
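# --- PGADMIN ---
# NOTE(review): ":8" is a floating major tag; pin a full version or digest for servers.
PGADMIN_IMAGE=dpage/pgadmin4:8
PGADMIN_EMAIL=meldestelle@mo-code.at
# Use a long random password that is not reused for any other service in this file.
PGADMIN_PASSWORD=<SICHERES_PASSWORT>
# NOTE(review): maps to container port 80, i.e. the login is served over plain http. pgAdmin
# grants full database access – bind to 127.0.0.1 or front it with TLS on a server.
PGADMIN_PORT=8888:80
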
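# --- POSTGRES-EXPORTER ---
# Image of the PostgreSQL metrics exporter; no port is published for it in this file.
POSTGRES_EXPORTER_IMAGE=prometheuscommunity/postgres-exporter:v0.18.0
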
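# --- ALERTMANAGER ---
ALERTMANAGER_IMAGE=prom/alertmanager:v0.29.0
# NOTE(review): Alertmanager ships without authentication by default; anyone reaching this
# port can view and silence alerts. Bind to 127.0.0.1 or place it behind an authenticating proxy.
ALERTMANAGER_PORT=9093:9093
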
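# --- PROMETHEUS ---
PROMETHEUS_IMAGE=prom/prometheus:v3.7.3
# NOTE(review): Prometheus ships without authentication by default and its metrics describe
# the internal topology. Bind to 127.0.0.1 or place it behind an authenticating proxy.
PROMETHEUS_PORT=9090:9090
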
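# --- GRAFANA ---
GF_IMAGE=grafana/grafana:12.3
GF_ADMIN_USER=gf-admin
# Use a long random password that is not reused for any other service in this file.
GF_ADMIN_PASSWORD=<SICHERES_PASSWORT>
# NOTE(review): published without a host address; on a server serve Grafana through the
# TLS-terminating proxy rather than directly on this port.
GF_PORT=3000:3000
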
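# --- API-GATEWAY ---
GATEWAY_PORT=8081:8081
# NOTE(review): GATEWAY_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated and gives full control
# of the JVM; on a server set GATEWAY_DEBUG=false and do not publish the debug port
# (or bind it to 127.0.0.1).
GATEWAY_DEBUG_PORT=5005:5005
GATEWAY_SERVER_PORT=8081
GATEWAY_SPRING_PROFILES_ACTIVE=docker
GATEWAY_DEBUG=true
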
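# --- PING-SERVICE ---
PING_SPRING_PROFILES_ACTIVE=docker
PING_PORT=8082:8082
# NOTE(review): PING_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# PING_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
PING_DEBUG_PORT=5006:5006
PING_SERVER_PORT=8082
PING_DEBUG=true
PING_SERVICE_NAME=ping-service
PING_CONSUL_PREFER_IP=true
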
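# --- MAIL-SERVICE ---
# Host port 8083 maps to container port 8085 (MAIL_SERVER_PORT).
MAIL_PORT=8083:8085
# NOTE(review): MAIL_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# MAIL_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
MAIL_DEBUG_PORT=5014:5014
MAIL_SERVER_PORT=8085
MAIL_SPRING_PROFILES_ACTIVE=docker
MAIL_DEBUG=true
MAIL_SERVICE_NAME=mail-service
MAIL_CONSUL_PREFER_IP=true
MAIL_SMTP_HOST=smtp.world4you.com
MAIL_SMTP_PORT=587
MAIL_SMTP_USER=online-nennen@mo-code.at
# Mailbox password: keep it only in the local .env, never in the example file or in Git.
MAIL_SMTP_PASSWORD=<DEIN_WORLD4YOU_PASSWORT>
MAIL_SMTP_AUTH=true
# NOTE(review): verify that the mail client is configured to require STARTTLS rather than
# merely offer it, so credentials are never sent if the TLS upgrade fails.
MAIL_SMTP_STARTTLS=true
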
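# --- MASTERDATA-SERVICE ---
MASTERDATA_PORT=8086:8086
# NOTE(review): MASTERDATA_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# MASTERDATA_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
MASTERDATA_DEBUG_PORT=5007:5007
MASTERDATA_SERVER_PORT=8086
MASTERDATA_SPRING_PROFILES_ACTIVE=docker
MASTERDATA_DEBUG=true
MASTERDATA_SERVICE_NAME=masterdata-service
MASTERDATA_CONSUL_PREFER_IP=true
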
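# --- EVENTS-SERVICE ---
EVENTS_PORT=8085:8085
# NOTE(review): EVENTS_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# EVENTS_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
EVENTS_DEBUG_PORT=5008:5008
EVENTS_SERVER_PORT=8085
EVENTS_SPRING_PROFILES_ACTIVE=docker
EVENTS_DEBUG=true
EVENTS_SERVICE_NAME=events-service
EVENTS_CONSUL_PREFER_IP=true
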
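# --- ZNS-IMPORT-SERVICE ---
ZNS_IMPORT_PORT=8095:8095
# NOTE(review): ZNS_IMPORT_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# ZNS_IMPORT_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
ZNS_IMPORT_DEBUG_PORT=5009:5009
ZNS_IMPORT_SERVER_PORT=8095
ZNS_IMPORT_SPRING_PROFILES_ACTIVE=docker
ZNS_IMPORT_DEBUG=true
ZNS_IMPORT_SERVICE_NAME=zns-import-service
ZNS_IMPORT_CONSUL_PREFER_IP=true
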
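# --- RESULTS-SERVICE ---
RESULTS_PORT=8088:8088
# NOTE(review): RESULTS_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# RESULTS_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
RESULTS_DEBUG_PORT=5010:5010
RESULTS_SERVER_PORT=8088
RESULTS_SPRING_PROFILES_ACTIVE=docker
RESULTS_DEBUG=true
RESULTS_SERVICE_NAME=results-service
RESULTS_CONSUL_PREFER_IP=true
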
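# --- BILLING-SERVICE ---
BILLING_PORT=8087:8087
# NOTE(review): BILLING_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# BILLING_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
BILLING_DEBUG_PORT=5012:5012
BILLING_SERVER_PORT=8087
BILLING_SPRING_PROFILES_ACTIVE=docker
BILLING_DEBUG=true
BILLING_SERVICE_NAME=billing-service
BILLING_CONSUL_PREFER_IP=true
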
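# --- SCHEDULING-SERVICE ---
SCHEDULING_PORT=8084:8084
# NOTE(review): SCHEDULING_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# SCHEDULING_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
SCHEDULING_DEBUG_PORT=5013:5013
SCHEDULING_SERVER_PORT=8084
SCHEDULING_SPRING_PROFILES_ACTIVE=docker
SCHEDULING_DEBUG=true
SCHEDULING_SERVICE_NAME=scheduling-service
SCHEDULING_CONSUL_PREFER_IP=true
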
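# --- SERIES-SERVICE ---
SERIES_PORT=8089:8089
# NOTE(review): SERIES_DEBUG=true plus a published debug port looks like a JVM remote-debug
# (JDWP) listener – confirm in the compose file. JDWP is unauthenticated; on a server set
# SERIES_DEBUG=false and do not publish the debug port (or bind it to 127.0.0.1).
SERIES_DEBUG_PORT=5011:5011
SERIES_SERVER_PORT=8089
SERIES_SPRING_PROFILES_ACTIVE=docker
SERIES_DEBUG=true
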
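# --- WEB-APP ---
WEB_APP_PORT=4000:4000
# URL for API access from the browser (public URL via Pangolin)
# LOCAL:  http://localhost:8081
# SERVER: https://api.mo-code.at
# SERVER: https://app.mo-code.at (API proxy runs in Caddy under /api/* – same domain, no CORS!)
# ALTERNATIVE (own domain): https://api.mo-code.at → then create a separate Pangolin route
# NOTE(review): the default is the local http value; on a server use one of the https URLs
# above so browser API calls and bearer tokens are not sent in clear text.
WEB_APP_API_URL=http://localhost:8081
# URL for Keycloak access from the browser (public URL via Pangolin)
# LOCAL:  http://localhost:8180
# SERVER: https://auth.mo-code.at
# SERVER: https://auth.mo-code.at → Pangolin route: auth.mo-code.at → http://10.0.0.50:8180
# NOTE(review): the route above reaches Keycloak over plain http on the internal address, so
# that network segment has to be trusted; the browser-facing URL must be https on a server.
WEB_APP_KEYCLOAK_URL=http://localhost:8180
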
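# --- DESKTOP-APP ---
# NOTE(review): VNC and noVNC give interactive control of the desktop session, and no VNC
# password variable appears in this file – confirm how access is protected. Classic VNC
# traffic is not encrypted; bind both ports to 127.0.0.1 and reach them through an SSH tunnel
# or an authenticating TLS proxy.
DESKTOP_APP_VNC_PORT=5901:5901
DESKTOP_APP_NOVNC_PORT=6080:6080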