Adjust prod config

docker-compose.yaml

@@ -5,25 +5,34 @@ services:
       dockerfile: src/main/docker/Dockerfile.jvm
     container_name: turnierplaner-app
     environment:
+      # title uses the default Turnierplaner text
+      TURNIERPLANER_TITLE: title
       TURNIERPLANER_LANGUAGE: de
       TURNIERPLANER_REGISTRATION_EXPIRE: 30
-      TURNIERPLANER_ADMIN_VERIFICATION_NEEDED: "true"
+      TURNIERPLANER_ADMIN_VERIFICATION_NEEDED: true
+
+      TURNIERPLANER_REALM: Quarkus # used by user query for admin
+      TURNIERPLANER_OIDC_FRONTEND: http://localhost:7777/realms/Quarkus # address used by frontend
+
+      # remove next to line for a clean setup without testdata
+      TURNIERPLANER_TESTDATA: true
+      QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: drop-and-create
 
       QUARKUS_DATASOURCE_USERNAME: turnierplaner
       QUARKUS_DATASOURCE_PASSWORD: turnierplaner
       QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://turnierplaner_db/turnierplaner
 
-      QUARKUS_HTTP_CORS: "true"
-      QUARKUS_HTTP_CORS_ORIGINS: "*"
+      QUARKUS_HTTP_CORS: true
+      # QUARKUS_HTTP_HOST: "https://your.domain"
+      QUARKUS_HTTP_CORS_ORIGINS: "*" # set domain for prod
+      # QUARKUS_HTTP_CORS_ORIGINS: "https://your.domain"
       QUARKUS_HTTP_PORT: 8080
 
-      OIDC_FRONTEND: http://localhost:7777/realms/Quarkus
-      QUARKUS_OIDC_TOKEN_ISSUER: http://localhost:7777/realms/Quarkus
-      QUARKUS_KEYCLOAK_ADMIN_CLIENT_SERVER_URL: http://keycloak:8080
-      QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/realms/Quarkus
+      QUARKUS_KEYCLOAK_ADMIN_CLIENT_SERVER_URL: http://keycloak:8080 # use for user management, can be container address
+      QUARKUS_OIDC_AUTH_SERVER_URL: http://keycloak:8080/realms/Quarkus # used by backend, can be container address
       QUARKUS_OIDC_CLIENT_ID: backend-quarkus
       QUARKUS_OIDC_CREDENTIALS_SECRET: '**********'
-      QUARKUS_OIDC_TLS_VERIFICATION: none
+      QUARKUS_OIDC_TLS_VERIFICATION: none # only for use behind reverse proxy!
 
       QUARKUS_MAILER_FROM: ${MAIL_FROM}
       QUARKUS_MAILER_HOST: ${MAIL_HOST}
@@ -59,7 +68,9 @@ services:
     networks:
       - turnierplaner_network
 
-
+  # example keycloak configuration
+  # no tls configured
+  # -> only use for local testing or behind an edge reverse proxy
   keycloak:
     restart: on-failure:5
     container_name: keycloak-app
@@ -69,18 +80,31 @@ services:
       KC_DB_URL: jdbc:postgresql://keycloak_db/keycloak
       KC_DB_USERNAME: ${POSTGRES_USER:-keycloak}
       KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-eX4mP13p455w0Rd}
+
+      # use only for local tests
       KC_HOSTNAME_STRICT: false
-#      KC_HOSTNAME: ${KC_HOSTNAME:-your.domain}
-#      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true
+
+      # use for prod system
+      # KC_HOSTNAME: ${KC_HOSTNAME:-your.domain}
+      # KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true
+
       KC_HTTP_ENABLED: true
-      HTTP_ADDRESS_FORWARDING: true
+      # enable for usage behind reverse proxy, xforward headers need to be set!
+      # KC_PROXY_HEADERS: xforwarded
+      # use this to check if headers are set correctly
+      # https://your-domain/realms/master/hostname-debug
+      # KC_HOSTNAME_DEBUG: true
+
+      # always set a new admin account after the first start!
       KEYCLOAK_ADMIN: admin
       KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+
+      # used to determine healthiness of container
       KC_HEALTH_ENABLED: true
       KC_METRICS_ENABLED: true
     command: start
     ports:
-      - 7777:8080
+      - 7777:8080 # remove this behind a reverse proxy
     depends_on:
       keycloak_db:
         condition: service_healthy

pom.xml

@@ -7,7 +7,7 @@
 
     <groupId>de.secretj12.turnierplaner</groupId>
     <artifactId>main</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.0.2</version>
 
     <properties>
         <java.version>21</java.version>

src/main/resources/application.properties

@@ -1,10 +1,10 @@
 # properties
-turnierplaner.club-name=title
-turnierplaner.language=de
-turnierplaner.registration.expire=30
-turnierplaner.admin-verification-needed=true
-turnierplaner.keycloak.realm=Quarkus
-turnierplaner.frontend.oidc=${OIDC_FRONTEND:http://localhost:7777/realms/Quarkus}
+turnierplaner.club-name=${TURNIERPLANER_TITLE:title}
+turnierplaner.language=${TURNIERPLANER_LANGUAGE:de}
+turnierplaner.registration.expire=${TURNIERPLANER_REGISTRATION_EXPIRE:30}
+turnierplaner.admin-verification-needed=${TURNIERPLANER_ADMIN_VERIFICATION_NEEDED:true}
+turnierplaner.keycloak.realm=${TURNIERPLANER_REALM:Quarkus}
+turnierplaner.frontend.oidc=${TURNIERPLANER_OIDC_FRONTEND:http://localhost:7777/realms/Quarkus}
 
 # key cloak admin
 quarkus.keycloak.admin-client.server-url=http://localhost:7777
@@ -29,11 +29,13 @@ quarkus.live-reload.instrumentation=true
 %dev.quarkus.datasource.jdbc.url=jdbc:postgresql://localhost:5432/hibernate
 # drop and create the database at startup (use `update` to only update the schema)
 quarkus.hibernate-orm.database.generation=drop-and-create
+%prod.quarkus.hibernate-orm.database.generation=update
 # OIDC Configuration
 %prod.quarkus.oidc.auth-server-url=https://localhost:8080/realms/Quarkus
 quarkus.oidc.client-id=backend-quarkus
 quarkus.oidc.credentials.secret=**********
 quarkus.oidc.tls.verification=none
+quarkus.oidc.token.issuer=${TURNIERPLANER_OIDC_FRONTEND}
 
 quarkus.keycloak.devservices.port=7777
 quarkus.keycloak.devservices.realm-path=keycloak_realm.json
@@ -48,7 +50,7 @@ quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".level=DEBUG
 
 # Turnierplaner configuration
 %dev.turnierplaner.testdata=true
-turnierplaner.testdata=false
+turnierplaner.testdata=${TURNIERPLANER_TESTDATA:false}
 
 #SMTP
 quarkus.mailer.from=${MAIL_FROM}