diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties index f5180b31..108482e2 100644 --- a/api/src/main/resources/application.properties +++ b/api/src/main/resources/application.properties @@ -13,6 +13,6 @@ management.endpoint.prometheus.enabled=true server.port=8443 security.require-ssl=true -server.ssl.key-store=/etc/certs/keystore.p12 +server.ssl.key-store=/etc/letsencrypt/live/kiwiq.run.place/keystore.p12 server.ssl.key-store-type=PKCS12 server.ssl.key-store-password=${SSL_PASSWORD} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 627c9216..dd2e9cce 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
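Review bot: The new `server.ssl.key-store` path does not match where this commit's docker-compose.yml puts the files. The api service mounts `/etc/letsencrypt/live/kiwiq.run.place` at `/etc/letsencrypt`, so inside the container the keystore would sit at `/etc/letsencrypt/keystore.p12` and the configured path would not exist. Either set `server.ssl.key-store=/etc/letsencrypt/keystore.p12` or change the volume target to the full `live/kiwiq.run.place` path. The commit also removes the `openssl pkcs12 -export` command from the kiwiq service, so nothing visible here produces `keystore.p12` any more; a comment above the property should say how the keystore is generated and regenerated on certificate renewal.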
@@ -1,142 +1,125 @@ -version: '3' -services: - WIQ_DB: - container_name: postgresql-${teamname:-defaultASW} - environment: - POSTGRES_USER: ${DATABASE_USER} - POSTGRES_PASSWORD: ${DATABASE_PASSWORD} - volumes: - - postgres_data:/var/lib/postgresql/data - image: postgres:latest - profiles: ["dev", "prod"] - networks: - mynetwork: - ipv4_address: 10.5.0.10 + version: '3' + services: + WIQ_DB: + container_name: postgresql-${teamname:-defaultASW} + environment: + POSTGRES_USER: ${DATABASE_USER} + POSTGRES_PASSWORD: ${DATABASE_PASSWORD} + volumes: + - postgres_data:/var/lib/postgresql/data + image: postgres:latest + profiles: ["dev", "prod"] + networks: + mynetwork: - api: - container_name: api-${teamname:-defaultASW} - image: ghcr.io/arquisoft/wiq_en2b/api:latest - profiles: ["dev", "prod"] - build: - context: ./api - args: - DATABASE_USER: ${DATABASE_USER} - DATABASE_PASSWORD: ${DATABASE_PASSWORD} - JWT_SECRET: ${JWT_SECRET} - environment: - - DATABASE_URL=jdbc:postgresql://WIQ_DB:5432/wiq - - DATABASE_USER=${DATABASE_USER} - - DATABASE_PASSWORD=${DATABASE_PASSWORD} - - JWT_SECRET=${JWT_SECRET} - ports: - - 8080:8080 - networks: - mynetwork: - ipv4_address: 10.5.0.6 - volumes: - - /certs:/etc/letsencrypt - depends_on: - - WIQ_DB - - kiwiq + api: + container_name: api-${teamname:-defaultASW} + image: ghcr.io/arquisoft/wiq_en2b/api:latest + profiles: ["dev", "prod"] + build: + context: ./api + args: + DATABASE_USER: ${DATABASE_USER} + DATABASE_PASSWORD: ${DATABASE_PASSWORD} + JWT_SECRET: ${JWT_SECRET} + SSL_PASSWORD: ${SSL_PASSWORD} + environment: + - DATABASE_URL=jdbc:postgresql://WIQ_DB:5432/wiq + - DATABASE_USER=${DATABASE_USER} + - DATABASE_PASSWORD=${DATABASE_PASSWORD} + - JWT_SECRET=${JWT_SECRET} + - SSL_PASSWORD=${SSL_PASSWORD} + ports: + - 8080:8080 + networks: + mynetwork: + volumes: + - /etc/letsencrypt/live/kiwiq.run.place:/etc/letsencrypt + depends_on: + - WIQ_DB + - kiwiq - question-generator: - container_name: question-generator-${teamname:-defaultASW} - 
image: ghcr.io/arquisoft/wiq_en2b/question-generator:latest - profiles: ["dev", "prod"] - build: - context: ./questiongenerator - args: - DATABASE_USER: ${DATABASE_USER} - DATABASE_PASSWORD: ${DATABASE_PASSWORD} - environment: - - DATABASE_URL=jdbc:postgresql://WIQ_DB:5432/wiq - - DATABASE_USER=${DATABASE_USER} - - DATABASE_PASSWORD=${DATABASE_PASSWORD} - networks: - mynetwork: - ipv4_address: 10.5.0.11 - depends_on: - - WIQ_DB + question-generator: + container_name: question-generator-${teamname:-defaultASW} + image: ghcr.io/arquisoft/wiq_en2b/question-generator:latest + profiles: ["dev", "prod"] + build: + context: ./questiongenerator + args: + DATABASE_USER: ${DATABASE_USER} + DATABASE_PASSWORD: ${DATABASE_PASSWORD} + environment: + - DATABASE_URL=jdbc:postgresql://WIQ_DB:5432/wiq + - DATABASE_USER=${DATABASE_USER} + - DATABASE_PASSWORD=${DATABASE_PASSWORD} + networks: + mynetwork: + depends_on: + - WIQ_DB - certbot: - image: certbot/certbot - volumes: - - /certs:/etc/letsencrypt - networks: - mynetwork: - ipv4_address: 10.5.0.10 + prometheus: + image: prom/prometheus + container_name: prometheus-${teamname:-defaultASW} + profiles: ["dev", "prod"] + networks: + mynetwork: + volumes: + - ./quiz-api/monitoring/prometheus:/etc/prometheus + - prometheus_data:/prometheus + - /etc/letsencrypt/live/kiwiq.run.place:/etc/letsencrypt/kiwiq.run.place + depends_on: + - api - prometheus: - image: prom/prometheus - container_name: prometheus-${teamname:-defaultASW} - profiles: ["dev", "prod"] - networks: - mynetwork: - ipv4_address: 10.5.0.8 - volumes: - - ./quiz-api/monitoring/prometheus:/etc/prometheus - - prometheus_data:/prometheus - - /certs:/etc/letsencrypt/kiwiq.run.place - depends_on: - - api + kiwiq: + image: kiwiq_en2b + container_name: kiwiq + networks: + mynetwork: + links: + - webapp + ports: + - "80:80" + - "443:443" + depends_on: + - webapp + volumes: + - /etc/letsencrypt/live/kiwiq.run.place:/etc/certs + build: + context: ./nginx_conf - kiwiq: - image: 
kiwiq_en2b - container_name: kiwiq - networks: - mynetwork: - ipv4_address: 10.5.0.12 - ports: - - "80:80" - - "443:443" - depends_on: - - webapp - - certbot - volumes: - - /certs:/etc/certs - build: - context: ./nginx_conf - command: openssl pkcs12 -export -in /etc/certs/fullchain.pem -inkey /etc/certs/privkey.pem -out /etc/certs/keystore.p12 -name tomcat -CAfile /etc/certs/chain.pem -caname root + webapp: + container_name: webapp-${teamname:-defaultASW} + image: ghcr.io/arquisoft/wiq_en2b/webapp:latest + profiles: [ "dev", "prod" ] + build: + args: + REACT_APP_API_ENDPOINT: ${API_URI} + context: ./webapp + environment: + - REACT_APP_API_ENDPOINT=${API_URI} + networks: + mynetwork: - webapp: - container_name: webapp-${teamname:-defaultASW} - image: ghcr.io/arquisoft/wiq_en2b/webapp:latest - profiles: [ "dev", "prod" ] - build: - args: - REACT_APP_API_ENDPOINT: ${API_URI} - context: ./webapp - environment: - - REACT_APP_API_ENDPOINT=${API_URI} - networks: - mynetwork: - ipv4_address: 10.5.0.9 + grafana: + image: grafana/grafana + container_name: grafana-${teamname:-defaultASW} + profiles: [ "dev" , "prod"] + networks: + mynetwork: + volumes: + - grafana_data:/var/lib/grafana + - ./quiz-api/monitoring/grafana/provisioning:/etc/grafana/provisioning + environment: + - GF_SERVER_HTTP_PORT=9091 + - GF_AUTH_DISABLE_LOGIN_FORM=true + depends_on: + - prometheus + volumes: + postgres_data: + prometheus_data: + grafana_data: + certs: - grafana: - image: grafana/grafana - container_name: grafana-${teamname:-defaultASW} - profiles: [ "dev" , "prod"] - networks: - mynetwork: - ipv4_address: 10.5.0.7 - volumes: - - grafana_data:/var/lib/grafana - - ./quiz-api/monitoring/grafana/provisioning:/etc/grafana/provisioning - environment: - - GF_SERVER_HTTP_PORT=9091 - - GF_AUTH_DISABLE_LOGIN_FORM=true - depends_on: - - prometheus -volumes: - postgres_data: - prometheus_data: - grafana_data: - certs: - -networks: - mynetwork: - driver: bridge - ipam: - config: - - subnet: 10.5.0.0/16 - 
gateway: 10.5.0.1 \ No newline at end of file + networks: + mynetwork: + driver: bridge diff --git a/nginx_conf/nginx.conf b/nginx_conf/nginx.conf index 8cd1d714..f4aa43bd 100644 --- a/nginx_conf/nginx.conf +++ b/nginx_conf/nginx.conf @@ -21,7 +21,7 @@ http { listen [::]:80 default_server; location / { - proxy_pass http://10.5.0.9:3000; + proxy_pass http://webapp:3000; } } @@ -30,9 +30,9 @@ http { listen 443 ssl default_server; listen [::]:443 ssl default_server; - ssl_certificate /etc/certs/fullchain.pem; - ssl_certificate_key /etc/certs/privkey.pem; - ssl_dhparam /etc/ssl/certs/dhparams.pem; + ssl_certificate /etc/letsencrypt/live/kiwiq.run.place/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/kiwiq.run.place/privkey.pem; + ssl_dhparam /etc/nginx/dhparams.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; @@ -41,7 +41,7 @@ http { ssl_session_cache shared:SSL:10m; location / { - proxy_pass http://10.5.0.9:3000; + proxy_pass http://webapp:3000; } } -} \ No newline at end of file +}
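Review bot: `SSL_PASSWORD: ${SSL_PASSWORD}` under the api service's `build.args` feeds the keystore password into the image build, and build arguments can be read back from the history of the image tagged `ghcr.io/arquisoft/wiq_en2b/api:latest`. The same value is already supplied at runtime through `environment`, so the build arg looks unnecessary unless the Dockerfile (not shown) consumes it. The three new bind mounts of `/etc/letsencrypt/live/kiwiq.run.place` (api, prometheus, kiwiq) are read-write and hand `privkey.pem` to each of those containers; append `:ro`, and give prometheus only the certificate chain if that is all it needs. If the host directory is managed by certbot, its entries are symlinks into `../../archive/` and will dangle when only `live/kiwiq.run.place` is mounted, so mounting `/etc/letsencrypt` as a whole is safer.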
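Review bot: In the second hunk, `ssl_certificate` and `ssl_certificate_key` now point under `/etc/letsencrypt/live/kiwiq.run.place/`, but docker-compose.yml in this commit mounts that host directory into the kiwiq container at `/etc/certs`, so nginx will not find either file unless the image provides them some other way. Keep the in-container paths, `ssl_certificate /etc/certs/fullchain.pem;` and `ssl_certificate_key /etc/certs/privkey.pem;`, or change the volume target to match. `ssl_dhparam /etc/nginx/dhparams.pem` likewise depends on the nginx_conf Dockerfile (not shown) placing the file there. The port-80 server in the first hunk still proxies plain HTTP to `webapp:3000`; `return 301 https://$host$request_uri;` there would keep traffic off cleartext. Both server blocks begin outside these hunks.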