feat: start C4PO with docker-compose
This commit is contained in:
parent
40224635ab
commit
e27d6005db
23
c4po.sh
23
c4po.sh
|
@ -1,15 +1,5 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
baseDir=$(pwd)
|
baseDir=$(pwd)
|
||||||
|
|
||||||
composeDir=$baseDir"/security-c4po-cfg"
|
|
||||||
keycloakVolume="security-c4po-cfg/volumes/keycloak/data/*"
|
|
||||||
mongoVolume="security-c4po-cfg/volumes/mongodb/data/*"
|
|
||||||
|
|
||||||
composeKeycloak=$baseDir"/security-c4po-cfg/kc/docker-compose.keycloak.yml"
|
|
||||||
composeDatabase=$baseDir"/security-c4po-cfg/mongodb/docker-compose.mongodb.yml"
|
|
||||||
composeFrontend=$baseDir"/security-c4po-cfg/frontend/docker-compose.frontend.yml"
|
|
||||||
composeBackend=$baseDir"/security-c4po-cfg/backend/docker-compose.backend.yml"
|
|
||||||
|
|
||||||
compose=$baseDir"/security-c4po-cfg/docker-compose.yml"
|
compose=$baseDir"/security-c4po-cfg/docker-compose.yml"
|
||||||
|
|
||||||
echo -e "
|
echo -e "
|
||||||
|
@ -24,24 +14,21 @@ ______| |______ |_____ |_____| | \_ __|__ | | _/_/_/ _/
|
||||||
|
|
||||||
echo "-------------CLEAN UP Container---------------"
|
echo "-------------CLEAN UP Container---------------"
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
rm -r ${keycloakVolume}
|
|
||||||
docker rm -f c4po-keycloak
|
docker rm -f c4po-keycloak
|
||||||
docker rm -f c4po-keycloak-postgres
|
#docker rm -f c4po-db ### toggle to clear database with every start ###
|
||||||
docker rm -f c4po-db
|
|
||||||
docker rm -f c4po-api
|
docker rm -f c4po-api
|
||||||
docker rm -f c4po-angular
|
docker rm -f c4po-angular
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
|
|
||||||
echo "-----------------Start Build------------------"
|
echo "-----------------Start Build------------------"
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
echo " - Backend: "
|
echo " - Backend: "
|
||||||
docker-compose -f ${composeBackend} build
|
docker-compose -f ${compose} build c4po-api
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
echo " - Frontend: "
|
echo " - Frontend: "
|
||||||
docker-compose -f ${composeFrontend} build
|
docker-compose -f ${compose} build c4po-angular
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
# docker-compose -f ${compose} up
|
|
||||||
|
|
||||||
echo "------------Start Docker Container------------"
|
echo "------------Start Docker Container------------"
|
||||||
echo -e "\n"
|
echo -e "\n"
|
||||||
docker-compose -f ${composeKeycloak} -f ${composeDatabase} -f ${composeBackend} -f ${composeFrontend} up
|
docker-compose -f ${compose} up
|
||||||
# docker-compose -f ${compose} up
|
|
||||||
|
|
|
@ -66,7 +66,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div *ngIf="projects$.getValue().length === 0 && loading$.getValue() === false" fxLayout="row" fxLayoutAlign="center center">
|
<div *ngIf="projects$.getValue() == null || projects$.getValue().length === 0 && loading$.getValue() === false" fxLayout="row" fxLayoutAlign="center center">
|
||||||
<p class="error-text">
|
<p class="error-text">
|
||||||
{{'project.overview.no.projects' | translate}}
|
{{'project.overview.no.projects' | translate}}
|
||||||
</p>
|
</p>
|
||||||
|
|
|
@ -6,15 +6,12 @@ RUN mkdir /data
|
||||||
RUN chown security-c4po-api:security-c4po-api /data
|
RUN chown security-c4po-api:security-c4po-api /data
|
||||||
USER security-c4po-api
|
USER security-c4po-api
|
||||||
|
|
||||||
# GET CURRENT STAGE
|
|
||||||
ARG STAGE
|
|
||||||
ENV ENV_STAGE=$STAGE
|
|
||||||
|
|
||||||
# COPY PACKAGE INTO IMAGE
|
# COPY PACKAGE INTO IMAGE
|
||||||
COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar /
|
COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar /
|
||||||
USER security-c4po-api
|
USER security-c4po-api
|
||||||
EXPOSE 8443
|
EXPOSE 8443
|
||||||
|
|
||||||
# RUN JAVA
|
# WAIT FOR KEYCLOAK & RUN JAVA
|
||||||
|
COPY ./wait-for-keycloak.sh /
|
||||||
# CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
|
# CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
|
||||||
ENTRYPOINT [ "java", "-jar", "-Dspring.profiles.active=${ENV_STAGE}", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
|
ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
|
||||||
|
|
|
@ -1,12 +1,20 @@
|
||||||
package com.securityc4po.api.configuration.security
|
package com.securityc4po.api.configuration.security
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Value
|
||||||
import org.springframework.context.annotation.Bean
|
import org.springframework.context.annotation.Bean
|
||||||
import org.springframework.context.annotation.ComponentScan
|
import org.springframework.context.annotation.ComponentScan
|
||||||
import org.springframework.context.annotation.Configuration
|
import org.springframework.context.annotation.Configuration
|
||||||
|
import org.springframework.context.annotation.Profile
|
||||||
import org.springframework.http.HttpMethod
|
import org.springframework.http.HttpMethod
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
|
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
|
||||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
|
||||||
import org.springframework.security.config.web.server.ServerHttpSecurity
|
import org.springframework.security.config.web.server.ServerHttpSecurity
|
||||||
|
import org.springframework.security.oauth2.core.OAuth2TokenValidator
|
||||||
|
import org.springframework.security.oauth2.jwt.Jwt
|
||||||
|
import org.springframework.security.oauth2.jwt.JwtValidators
|
||||||
|
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
|
||||||
|
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
|
||||||
|
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
|
||||||
import org.springframework.security.web.server.SecurityWebFilterChain
|
import org.springframework.security.web.server.SecurityWebFilterChain
|
||||||
import org.springframework.web.cors.CorsConfiguration
|
import org.springframework.web.cors.CorsConfiguration
|
||||||
|
|
||||||
|
@ -16,6 +24,12 @@ import org.springframework.web.cors.CorsConfiguration
|
||||||
@ComponentScan
|
@ComponentScan
|
||||||
class WebSecurityConfiguration(private val userAccountDetailsService: UserAccountDetailsService) {
|
class WebSecurityConfiguration(private val userAccountDetailsService: UserAccountDetailsService) {
|
||||||
|
|
||||||
|
@Value("\${external.issuer-uri}")
|
||||||
|
var externalIssuerUri: String? = null
|
||||||
|
|
||||||
|
@Value("\${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
|
||||||
|
var internalIssuerUri: String? = null
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
fun setSecurityWebFilterChains(http: ServerHttpSecurity): SecurityWebFilterChain {
|
fun setSecurityWebFilterChains(http: ServerHttpSecurity): SecurityWebFilterChain {
|
||||||
http.cors().configurationSource {
|
http.cors().configurationSource {
|
||||||
|
@ -28,19 +42,19 @@ class WebSecurityConfiguration(private val userAccountDetailsService: UserAccoun
|
||||||
this.addAllowedMethod(HttpMethod.PUT)
|
this.addAllowedMethod(HttpMethod.PUT)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
.and()
|
.and()
|
||||||
.csrf()
|
.csrf()
|
||||||
.disable()
|
.disable()
|
||||||
.authorizeExchange()
|
.authorizeExchange()
|
||||||
.pathMatchers(HttpMethod.GET, "/v1/projects/**").authenticated()
|
.pathMatchers(HttpMethod.GET, "/v1/projects/**").authenticated()
|
||||||
.pathMatchers(HttpMethod.GET, "/v1/pentests/**").authenticated()
|
.pathMatchers(HttpMethod.GET, "/v1/pentests/**").authenticated()
|
||||||
.pathMatchers("/actuator/**").permitAll()
|
.pathMatchers("/actuator/**").permitAll()
|
||||||
.pathMatchers("/docs/SecurityC4PO.html").permitAll()
|
.pathMatchers("/docs/SecurityC4PO.html").permitAll()
|
||||||
.anyExchange().authenticated()
|
.anyExchange().authenticated()
|
||||||
.and()
|
.and()
|
||||||
.oauth2ResourceServer()
|
.oauth2ResourceServer()
|
||||||
.jwt()
|
.jwt()
|
||||||
.jwtAuthenticationConverter(appuserJwtAuthenticationConverter())
|
.jwtAuthenticationConverter(appuserJwtAuthenticationConverter())
|
||||||
return http.build()
|
return http.build()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,4 +62,13 @@ class WebSecurityConfiguration(private val userAccountDetailsService: UserAccoun
|
||||||
fun appuserJwtAuthenticationConverter(): AppuserJwtAuthConverter {
|
fun appuserJwtAuthenticationConverter(): AppuserJwtAuthConverter {
|
||||||
return AppuserJwtAuthConverter(userAccountDetailsService)
|
return AppuserJwtAuthConverter(userAccountDetailsService)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@Profile("COMPOSE")
|
||||||
|
fun jwtDecoder(): ReactiveJwtDecoder {
|
||||||
|
val jwtDecoder = ReactiveJwtDecoders.fromIssuerLocation(internalIssuerUri) as NimbusReactiveJwtDecoder
|
||||||
|
val withIssuer: OAuth2TokenValidator<Jwt> = JwtValidators.createDefaultWithIssuer(externalIssuerUri)
|
||||||
|
jwtDecoder.setJwtValidator(withIssuer)
|
||||||
|
return jwtDecoder
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
## IdentityProvider (Keycloak) ##
|
## IdentityProvider (Keycloak) ##
|
||||||
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8888/auth/realms/c4po_realm_local
|
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://c4po-keycloak:8080/auth/realms/c4po_realm_local
|
||||||
keycloakhost=localhost
|
keycloakhost=c4po-keycloak
|
||||||
keycloak.client.url=http://localhost:8888
|
keycloak.client.url=http://c4po-keycloak:8080
|
||||||
keycloak.client.realm.path=auth/realms/c4po_realm_local/
|
keycloak.client.realm.path=auth/realms/c4po_realm_local/
|
||||||
|
|
||||||
## Database (MONGODB) Config ##
|
## Database (MONGODB) Config ##
|
||||||
|
|
|
@ -17,6 +17,7 @@ spring.data.mongodb.auto-index-creation=true
|
||||||
|
|
||||||
## IdentityProvider (Keycloak) ##
|
## IdentityProvider (Keycloak) ##
|
||||||
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local
|
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local
|
||||||
|
external.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local
|
||||||
keycloakhost=localhost
|
keycloakhost=localhost
|
||||||
keycloak.client.url=http://localhost:8080
|
keycloak.client.url=http://localhost:8080
|
||||||
keycloak.client.realm.path=auth/realms/c4po_realm_local/
|
keycloak.client.realm.path=auth/realms/c4po_realm_local/
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# wait-for-keycloak.sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
host="$1"
|
||||||
|
shift
|
||||||
|
|
||||||
|
printf 'Waiting for keycloak...'
|
||||||
|
until $(curl --output /dev/null --silent --head --fail $host); do
|
||||||
|
printf '.'
|
||||||
|
sleep 4
|
||||||
|
done
|
||||||
|
|
||||||
|
printf '\nKeycloak is up and running - Starting C4PO API'
|
||||||
|
|
||||||
|
exec "$@"
|
|
@ -1,15 +0,0 @@
|
||||||
version: '3.1'
|
|
||||||
|
|
||||||
services:
|
|
||||||
c4po-api:
|
|
||||||
build: '../../security-c4po-api'
|
|
||||||
image: security-c4po-api:latest
|
|
||||||
container_name: c4po-api
|
|
||||||
environment:
|
|
||||||
- SPRING_PROFILES_ACTIVE=COMPOSE
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: "1G"
|
|
||||||
ports:
|
|
||||||
- 8443:8443
|
|
|
@ -1,10 +1,10 @@
|
||||||
version: '2'
|
version: '2'
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
c4po-keycloak-postgres:
|
|
||||||
c4po-db:
|
c4po-db:
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
# Database
|
||||||
c4po-db:
|
c4po-db:
|
||||||
image: mongo:latest
|
image: mongo:latest
|
||||||
container_name: c4po-db
|
container_name: c4po-db
|
||||||
|
@ -39,7 +39,7 @@ services:
|
||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: "1G"
|
memory: "2G"
|
||||||
ports:
|
ports:
|
||||||
- 4200:4200
|
- 4200:4200
|
||||||
networks:
|
networks:
|
||||||
|
@ -56,7 +56,7 @@ services:
|
||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: "1G"
|
memory: "2G"
|
||||||
ports:
|
ports:
|
||||||
- 8443:8443
|
- 8443:8443
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
version: '3.1'
|
|
||||||
|
|
||||||
services:
|
|
||||||
c4po-angular:
|
|
||||||
build: '../../security-c4po-angular'
|
|
||||||
image: security-c4po-angular:latest
|
|
||||||
container_name: c4po-angular
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: "1G"
|
|
||||||
ports:
|
|
||||||
- 4200:4200
|
|
|
@ -1,21 +0,0 @@
|
||||||
version: '3.1'
|
|
||||||
|
|
||||||
services:
|
|
||||||
c4po-keycloak:
|
|
||||||
container_name: c4po-keycloak
|
|
||||||
image: jboss/keycloak:11.0.3
|
|
||||||
volumes:
|
|
||||||
- ../cfg/c4po_realm_export.json:/tmp/c4po_realm_export.json
|
|
||||||
ports:
|
|
||||||
- 8888:8080
|
|
||||||
env_file:
|
|
||||||
- ../cfg/keycloak.env
|
|
||||||
c4po-keycloak-postgress:
|
|
||||||
container_name: c4po-keycloak-postgres
|
|
||||||
image: postgres:10.16-alpine
|
|
||||||
env_file:
|
|
||||||
- ../cfg/keycloakdb.env
|
|
||||||
ports:
|
|
||||||
- 5433:5432
|
|
||||||
volumes:
|
|
||||||
- ../volumes/keycloak/data:/var/lib/postgres/data
|
|
|
@ -1,14 +0,0 @@
|
||||||
version: '3.1'
|
|
||||||
|
|
||||||
services:
|
|
||||||
c4po-db:
|
|
||||||
image: mongo:4.4.6
|
|
||||||
container_name: c4po-db
|
|
||||||
volumes:
|
|
||||||
- ../volumes/mongodb/data:/data/db
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: "1G"
|
|
||||||
ports:
|
|
||||||
- 27017:27017
|
|
Loading…
Reference in New Issue