From 0ba4aae9f10882c66806e38fff324889e53f9af6 Mon Sep 17 00:00:00 2001 From: Jonas Stahl Date: Sun, 6 Oct 2024 15:27:52 +0200 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=94=A7=20Adjust=20properties,=20adjus?= =?UTF-8?q?t=20keycloak=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yaml | 31 ++++++++++++++++------- pom.xml | 2 +- src/main/resources/application.properties | 13 +++++----- 3 files changed, 30 insertions(+), 16 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 3f7ac68f..4c175be8 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -7,7 +7,11 @@ services: environment: TURNIERPLANER_LANGUAGE: de TURNIERPLANER_REGISTRATION_EXPIRE: 30 - TURNIERPLANER_ADMIN_VERIFICATION_NEEDED: "true" + TURNIERPLANER_ADMIN_VERIFICATION_NEEDED: true + + # remove next to line for a clean setup without testdata + TURNIERPLANER_TESTDATA: true + QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: drop-and-create QUARKUS_DATASOURCE_USERNAME: turnierplaner QUARKUS_DATASOURCE_PASSWORD: turnierplaner @@ -17,7 +21,9 @@ services: QUARKUS_HTTP_CORS_ORIGINS: "*" QUARKUS_HTTP_PORT: 8080 - OIDC_FRONTEND: http://localhost:7777/realms/Quarkus + TURNIERPLANER_REALM: Quarkus + TURNIERPLANER_OIDC_FRONTEND: http://localhost:7777/realms/Quarkus + QUARKUS_OIDC_TOKEN_ISSUER: http://localhost:7777/realms/Quarkus QUARKUS_KEYCLOAK_ADMIN_CLIENT_SERVER_URL: http://keycloak:8080 QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/realms/Quarkus @@ -59,7 +65,9 @@ services: networks: - turnierplaner_network - + # example keycloak configuration + # no tls configured + # -> only use for local testing or behind an edge reverse proxy keycloak: restart: on-failure:5 container_name: keycloak-app 
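Review bot: In the first docker-compose hunk, `TURNIERPLANER_TESTDATA: true` is shipped as the default next to the unchanged `QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: drop-and-create`, so anyone who starts this file as-is gets a database that is dropped and re-seeded on every `docker compose up`; a safe default is opt-in, e.g. `TURNIERPLANER_TESTDATA: ${TURNIERPLANER_TESTDATA:-false}`, and the comment should read `# set to true only for a local setup with test data` (the current `remove next to line` is also garbled). Changing `TURNIERPLANER_ADMIN_VERIFICATION_NEEDED` from `"true"` to a bare `true` goes in the wrong direction: the Compose spec asks for `environment` values to be strings and recommends quoting true/false so the YAML parser does not retype them, and older Compose versions reject non-string values, so keep `"true"` on both boolean lines.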
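Review bot: `QUARKUS_OIDC_TOKEN_ISSUER: http://localhost:7777/realms/Quarkus` repeats the value of `TURNIERPLANER_OIDC_FRONTEND` one line above and must stay byte-identical to it, since the backend reaches Keycloak via `http://keycloak:8080` while browsers obtain tokens via the frontend URL, and any divergence (scheme, host, trailing slash) makes every token fail the issuer check; a comment such as `# must match TURNIERPLANER_OIDC_FRONTEND exactly; in prod the public https realm URL` would save the next operator a debugging session. Do not "fix" a mismatch by setting the issuer to `any`, which disables the check altogether. Presumably the duplication exists because `KC_HOSTNAME_STRICT: false` lets Keycloak derive the issuer from the request host — pinning `KC_HOSTNAME` in production removes that ambiguity.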
@@ -69,18 +77,23 @@ services: KC_DB_URL: jdbc:postgresql://keycloak_db/keycloak KC_DB_USERNAME: ${POSTGRES_USER:-keycloak} KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-eX4mP13p455w0Rd} + + # use for local tests KC_HOSTNAME_STRICT: false -# KC_HOSTNAME: ${KC_HOSTNAME:-your.domain} -# KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true + + # use for prod system + # KC_HOSTNAME: ${KC_HOSTNAME:-your.domain} + # KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true + KC_HTTP_ENABLED: true - HTTP_ADDRESS_FORWARDING: true + KC_PROXY_HEADERS: xforwarded + + # always set a new admin account after the first start! KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin} - KC_HEALTH_ENABLED: true - KC_METRICS_ENABLED: true command: start ports: - - 7777:8080 + - 7777:8080 # remove this behind a reverse proxy depends_on: keycloak_db: condition: service_healthy diff --git a/pom.xml b/pom.xml index b30d5e2f..f01db188 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ de.secretj12.turnierplaner main - 1.0.0-SNAPSHOT + 0.0.2 21 diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 13e170b6..8e0c1585 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,10 +1,10 @@ # properties turnierplaner.club-name=title -turnierplaner.language=de -turnierplaner.registration.expire=30 -turnierplaner.admin-verification-needed=true -turnierplaner.keycloak.realm=Quarkus -turnierplaner.frontend.oidc=${OIDC_FRONTEND:http://localhost:7777/realms/Quarkus} +turnierplaner.language=${TURNIERPLANER_LANGUAGE:de} +turnierplaner.registration.expire=${TURNIERPLANER_REGISTRATION_EXPIRE:30} +turnierplaner.admin-verification-needed=${TURNIERPLANER_ADMIN_VERIFICATION_NEEDED:true} +turnierplaner.keycloak.realm=${TURNIERPLANER_REALM:Quarkus} +turnierplaner.frontend.oidc=${TURNIERPLANER_OIDC_FRONTEND:http://localhost:7777/realms/Quarkus} # key cloak admin quarkus.keycloak.admin-client.server-url=http://localhost:7777 
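Review bot: `KC_PROXY_HEADERS: xforwarded` makes Keycloak trust `X-Forwarded-*` headers from whoever connects, and this hunk keeps `7777:8080` published on the host, so any client reaching that port can forge the forwarded host and scheme — and with `KC_HOSTNAME_STRICT: false` that forged host becomes the issuer and the base of generated links (password-reset mails, redirects). Enable the proxy headers only together with removing the port mapping (or binding it to `127.0.0.1:7777:8080`) so Keycloak is reachable solely through the proxy, and set `KC_HOSTNAME` in production. The bootstrap admin still has a working default of admin/admin; a comment does not enforce anything, so fail fast instead: `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD must be set}`, and treat the default `KC_DB_PASSWORD` in the same hunk the same way.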
@@ -29,6 +29,7 @@ quarkus.live-reload.instrumentation=true %dev.quarkus.datasource.jdbc.url=jdbc:postgresql://localhost:5432/hibernate # drop and create the database at startup (use `update` to only update the schema) quarkus.hibernate-orm.database.generation=drop-and-create +%prod.quarkus.hibernate-orm.database.generation=update # OIDC Configuration %prod.quarkus.oidc.auth-server-url=https://localhost:8080/realms/Quarkus quarkus.oidc.client-id=backend-quarkus @@ -48,7 +49,7 @@ quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".level=DEBUG # Turnierplaner configuration %dev.turnierplaner.testdata=true -turnierplaner.testdata=false +turnierplaner.testdata=${TURNIERPLANER_TESTDATA:false} #SMTP quarkus.mailer.from=${MAIL_FROM} From d5222c849bdde313c13b7c0b773da47be74a1017 Mon Sep 17 00:00:00 2001 From: Jonas Stahl Date: Sun, 6 Oct 2024 15:44:28 +0200 Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=94=A7=20Configure=20turnierplaner=20?= =?UTF-8?q?prod=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yaml | 29 +++++++++++++++-------- src/main/resources/application.properties | 1 + 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 4c175be8..4501c7ad 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -9,6 +9,9 @@ services: TURNIERPLANER_REGISTRATION_EXPIRE: 30 TURNIERPLANER_ADMIN_VERIFICATION_NEEDED: true + TURNIERPLANER_REALM: Quarkus # used by user query for admin + TURNIERPLANER_OIDC_FRONTEND: http://localhost:7777/realms/Quarkus # address used by frontend + # remove next to line for a clean setup without testdata TURNIERPLANER_TESTDATA: true QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: drop-and-create 
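Review bot: The new `%prod.quarkus.hibernate-orm.database.generation=update` will not take effect for the compose deployment, because docker-compose.yaml exports `QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: drop-and-create` and, as far as I know, an environment variable outranks a profile-scoped entry in application.properties, so a prod container still drops its schema on every start. Either drop that variable from the compose file or make it opt-in there, e.g. `QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: ${QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION:-update}`. Keep in mind that `update` is still automatic DDL against a production database; a comment like `# auto-DDL only; switch to a migration tool once real data exists` would set expectations.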
@@ -18,18 +21,16 @@ services: QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://turnierplaner_db/turnierplaner QUARKUS_HTTP_CORS: "true" - QUARKUS_HTTP_CORS_ORIGINS: "*" + # QUARKUS_HTTP_HOST: "https://your.domain" + QUARKUS_HTTP_CORS_ORIGINS: "*" # set domain for prod + # QUARKUS_HTTP_CORS_ORIGINS: "https://your.domain" QUARKUS_HTTP_PORT: 8080 - TURNIERPLANER_REALM: Quarkus - TURNIERPLANER_OIDC_FRONTEND: http://localhost:7777/realms/Quarkus - - QUARKUS_OIDC_TOKEN_ISSUER: http://localhost:7777/realms/Quarkus - QUARKUS_KEYCLOAK_ADMIN_CLIENT_SERVER_URL: http://keycloak:8080 - QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/realms/Quarkus + QUARKUS_KEYCLOAK_ADMIN_CLIENT_SERVER_URL: http://keycloak:8080 # use for user management, can be container address + QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/realms/Quarkus # used by backend, can be container address QUARKUS_OIDC_CLIENT_ID: backend-quarkus QUARKUS_OIDC_CREDENTIALS_SECRET: '**********' - QUARKUS_OIDC_TLS_VERIFICATION: none + QUARKUS_OIDC_TLS_VERIFICATION: none # only for use behind reverse proxy! QUARKUS_MAILER_FROM: ${MAIL_FROM} QUARKUS_MAILER_HOST: ${MAIL_HOST} @@ -78,7 +79,7 @@ services: KC_DB_USERNAME: ${POSTGRES_USER:-keycloak} KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-eX4mP13p455w0Rd} - # use for local tests + # use only for local tests KC_HOSTNAME_STRICT: false # use for prod system 
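Review bot: The comment `QUARKUS_OIDC_TLS_VERIFICATION: none # only for use behind reverse proxy!` is misleading: this setting governs the backend's own connection to the auth server, which a reverse proxy in front of the stack does not protect. With `QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/...` it has no effect, and the moment that URL becomes https it disables certificate checking for token introspection and JWKS fetches, inviting MITM on that hop; prefer `QUARKUS_OIDC_TLS_VERIFICATION: required` and add a private CA to the trust store if needed. `quarkus.http.host` is the bind interface (`0.0.0.0` in containers), not a URL, so the commented example `# QUARKUS_HTTP_HOST: "https://your.domain"` would fail to bind if anyone uncommented it — remove it or name the property actually intended. Finally, `QUARKUS_HTTP_CORS_ORIGINS: "*"` remains the live value unless an operator edits the file; interpolating it (`${CORS_ORIGINS:-*}`) makes the production override explicit.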
@@ -86,11 +87,19 @@ services: # KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true KC_HTTP_ENABLED: true - KC_PROXY_HEADERS: xforwarded + # enable for usage behind reverse proxy, xforward headers need to be set! + # KC_PROXY_HEADERS: xforwarded + # use this to check if headers are set correctly + # https://your-domain/realms/master/hostname-debug + # KC_HOSTNAME_DEBUG: true # always set a new admin account after the first start! KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin} + + # used to determine healthiness of container + KC_HEALTH_ENABLED: true + KC_METRICS_ENABLED: true command: start ports: - 7777:8080 # remove this behind a reverse proxy diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 8e0c1585..064c4ccd 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -35,6 +35,7 @@ quarkus.hibernate-orm.database.generation=drop-and-create quarkus.oidc.client-id=backend-quarkus quarkus.oidc.credentials.secret=********** quarkus.oidc.tls.verification=none +quarkus.oidc.token.issuer=${TURNIERPLANER_OIDC_FRONTEND} quarkus.keycloak.devservices.port=7777 quarkus.keycloak.devservices.realm-path=keycloak_realm.json From 0a7083e6dd85317337e49fefcacf1064fc1158c4 Mon Sep 17 00:00:00 2001 From: Jonas Stahl Date: Sun, 6 Oct 2024 15:46:25 +0200 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=94=A7=20Title=20config=20property=20?= =?UTF-8?q?from=20environment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yaml | 4 +++- src/main/resources/application.properties | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 4501c7ad..7e50394f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
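Review bot: `KC_HOSTNAME_DEBUG: true` exposes a page that prints request headers and the resolved hostname configuration to anyone who can reach `/realms/master/hostname-debug`; it is a diagnostic, so the comment should add `# turn off again once the headers check out`. For `KC_PROXY_HEADERS: xforwarded` the condition that matters is missing: Keycloak must be reachable only through the proxy (the `7777:8080` mapping below removed or bound to `127.0.0.1`), and the proxy must overwrite rather than append `X-Forwarded-*`, otherwise clients can spoof them. With health and metrics re-enabled, note that recent Keycloak releases serve them on the separate management port (9000) rather than the main port, so the healthcheck URL depends on the image version — worth a one-line comment.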
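Review bot: `quarkus.oidc.token.issuer=${TURNIERPLANER_OIDC_FRONTEND}` has no default, so a run without that environment variable (plain `mvn quarkus:dev`, tests) fails at startup on the unresolved expansion, even though `turnierplaner.frontend.oidc` earlier in the file already carries the default. Reference the property instead so there is one source of truth: `quarkus.oidc.token.issuer=${turnierplaner.frontend.oidc}`. The neighbouring `quarkus.oidc.tls.verification=none` is not profile-scoped, so it also applies to the `%prod` https auth-server configured earlier; scope it as `%dev.quarkus.oidc.tls.verification=none` and leave prod at `required`.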
@@ -5,6 +5,8 @@ services: dockerfile: src/main/docker/Dockerfile.jvm container_name: turnierplaner-app environment: + # title uses the default Turnierplaner text + TURNIERPLANER_TITLE: title TURNIERPLANER_LANGUAGE: de TURNIERPLANER_REGISTRATION_EXPIRE: 30 TURNIERPLANER_ADMIN_VERIFICATION_NEEDED: true @@ -20,7 +22,7 @@ services: QUARKUS_DATASOURCE_PASSWORD: turnierplaner QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://turnierplaner_db/turnierplaner - QUARKUS_HTTP_CORS: "true" + QUARKUS_HTTP_CORS: true # QUARKUS_HTTP_HOST: "https://your.domain" QUARKUS_HTTP_CORS_ORIGINS: "*" # set domain for prod # QUARKUS_HTTP_CORS_ORIGINS: "https://your.domain" diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 064c4ccd..9037290c 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,5 @@ # properties -turnierplaner.club-name=title +turnierplaner.club-name=${TURNIERPLANER_TITLE:title} turnierplaner.language=${TURNIERPLANER_LANGUAGE:de} turnierplaner.registration.expire=${TURNIERPLANER_REGISTRATION_EXPIRE:30} turnierplaner.admin-verification-needed=${TURNIERPLANER_ADMIN_VERIFICATION_NEEDED:true}
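Review bot: In the `QUARKUS_HTTP_CORS` hunk, `QUARKUS_HTTP_CORS: true` is now an unquoted YAML boolean; the Compose spec asks for `environment` values to be strings and recommends quoting true/false so the YAML parser does not retype them, and older Compose implementations reject non-string values. Keep the previous `QUARKUS_HTTP_CORS: "true"`. With CORS enabled, the `"*"` origin two lines down remains the effective value until someone edits the file; reading it from an environment variable with an explicit production override is less error-prone than a commented alternative.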