...

version: "3.3"
services:
  # database
  controlplane-backend-db:
    image: mysql:8
    container_name: controlplane-backend-db
    restart: always
    ports:
      - "3309:3306"
    environment:
      MYSQL_ROOT_PASSWORD: 123
      MYSQL_DATABASE: obsidian-backend
      MYSQL_USER: obsidian
      MYSQL_PASSWORD: 123
    volumes:
      - controlplane-backend-db-vol:/var/lib/mysql

  # backend
  controlplane-backend:
    image: ghcr.io/apiida/controlplane-backend:latest
    container_name: controlplane-backend
    depends_on:
      - controlplane-backend-db
    ports:
      - "8080:8080"
    environment:
      # The initial admin. You should change the password later.
      initial-admin.username: admin
      initial-admin.password: admin
      # The connection to the Developer Portal is created directly at startup. The token can be freely selected but must match the one set in the Developer Portal.
      dev-portal.default.url: https://localhost:3009
      dev-portal.default.token: vpfw2d823h8uQRN
      # It is important that you provide a secure password here! This is used to encrypt secrets like git passwords in the database!
      jasypt.encryptor.password: Dont4get$1
      spring.datasource.url: "jdbc:mysql://controlplane-backend-db:3306/obsidian-backend"
      spring.datasource.username: obsidian
      spring.datasource.password: 123
      # required for CORS
      frontend.url: https://localhost:3000
      # you can also configure smtp while ACP is running, so this is optional
      # mail.smtp.host: <host>
      # mail.smtp.port: 25
      # mail.smtp.encryption: TLS
      # mail.smtp.username: <username>
      # mail.smtp.password: <password>
      # mail.smtp.from: hello@apiida.com
      # currently, we open a database connection for each incomming request, so the pool size determines how many requests we can process in parallel
      # you can reduce this, but don't go too small. I would recommend at the very least 20!
      spring.datasource.hikari.maximum-pool-size: 50
      # SSL/TLS configuration - uncomment and configure as needed
      # By default, SSL is enabled and uses a certificate issued for localhost.
      # server.ssl.enabled: true
      # You can provide your own private key and certificate by mounting a .p12 file into the container and configure
      # its location (we recommend /application/certs/backend.p12) and password in the following properties:
      # server.ssl.key-store-type: PKCS12
      # server.ssl.key-store: "/application/certs/backend.p12"
      # server.ssl.key-store-password: <your-p12-password>
      # By default, only TLSv1.3 is supported. You may change the supported protocol(s) here:
      # server.ssl.protocol: TLS
      # server.ssl.enabled-protocols: TLSv1.3
    volumes:
      - controlplane-backend-files-vol:/application/files
      # you probably want to add another volume, for your SSL certificate (.p12 format!)

  # frontend
  controlplane-frontend:
    image: ghcr.io/apiida/controlplane-frontend:latest
    container_name: controlplane-frontend
    depends_on:
      - controlplane-backend
    ports:
      - "3000:443"
    environment:
      BACKEND_URL: https://localhost:8080
      # To disable the insertion of the tenant ID the string must not contain 'addTenantIdToBack'.
      INSERT_TENANT_ID: doNotInsertIt
      # ssl configuration - here you can mount your certificate in the container and if you want, also change the whole nginx configuration.
      # volumes:
      #   - ./frontend.crt:/etc/ssl/certs/frontend.crt
      #   - ./frontend.key:/etc/ssl/private/frontend.key
      # http://nginx.org/en/docs/
      #   - ./nginx.conf:/etc/nginx/conf.d/default.conf

  # devportal
  controlplane-devportal:
    image: ghcr.io/apiida/controlplane-devportal:latest
    container_name: controlplane-devportal
    depends_on:
      - controlplane-backend
    ports:
      - "3009:443"
    environment:
      BACKEND_URL: https://localhost:8080
      # To disable the insertion of the tenant ID the string must not contain 'addTenantIdToBack'.
      INSERT_TENANT_ID: doNotInsertIt
      DEV_PORTAL_TOKEN: vpfw2d823h8uQRN
      # ssl configuration - here you can mount your certificate in the container and if you want, also change the whole nginx configuration.
      # volumes:
      #   - ./frontend.crt:/etc/ssl/certs/frontenddevportal.crt
      #   - ./frontend.key:/etc/ssl/private/frontenddevportal.key
      # http://nginx.org/en/docs/
      #   - ./nginx.conf:/etc/nginx/conf.d/default.conf

networks:
  default:
    name: controlplane

volumes:
  controlplane-backend-db-vol:
  controlplane-backend-files-vol:
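Review bot: The compose example ships working secrets as literals — `MYSQL_ROOT_PASSWORD: 123`, `MYSQL_PASSWORD` and `spring.datasource.password: 123`, `initial-admin.password: admin`, the shared `dev-portal.default.token` / `DEV_PORTAL_TOKEN`, and `jasypt.encryptor.password`, which the comment above it says encrypts stored git passwords — so a copy-pasted deployment runs on publicly documented values. Take them from the environment and fail when unset, e.g. `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set in .env}`, and keep the `.env` file out of version control. The database is also published on every host interface by `- "3309:3306"`, although the backend reaches it over the compose network at `controlplane-backend-db:3306`; drop the mapping or bind it to loopback with `- "127.0.0.1:3309:3306"`. The three `ghcr.io/apiida/...:latest` images are unpinned, so a release tag or digest would make the deployment reproducible. Which of these lines this page version changed cannot be recovered from the rendered comparison, so the note covers the block as shown.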

...

To use production SSL certificates you must move your cert components to the following locations:

Mount the certificate in /etc/ssl/certs/frontend.crt
Mount the private key in /etc/ssl/private/frontend.key

These locations are static and not configurable via Environment Variables.

Backend Setup

Database Pool size.

...

Then the initial credentials are username admin and password admin. The user and password should be changed later.

Frontend: TLS Certificates

To use production SSL certificates you must move your cert components to the following locations:

Mount the certificate in /etc/ssl/certs/frontend.crt
Mount the private key in /etc/ssl/private/frontend.

...

key

These locations are static and not configurable via Environment Variables.

Devportal: TLS Certificates

To use production SSL certificates you must move your cert components to the following locations:

Mount the certificate in /etc/ssl/certs/devportal.crt
Mount the private key in /etc/ssl/private/devportal.key

These locations are static and not configurable via Environment Variables.

Backend: TLS Certificates

If you want to enable ssl SSL and provide a certificate + private key for the backend, it must be in form of a .p12 file, which must contain your private key and the certificate chain.

See these commands on how to create a certificate chain file and then create a .p12 from it and your private key:

...

Mount the certificate into /application/certs/ in the backend container and then set server.ssl.key-store environment variable to the full path of the certificate, e.g. /applications/certs/backend.p12.

...