diff --git a/.env b/.env new file mode 100644 index 00000000..a78d130b --- /dev/null +++ b/.env @@ -0,0 +1,4 @@ +MYSQL_HOST=db +KEYSTORE_PATH=./testCert.p12 +KEYSTORE_PASSWORD=123456 +WIQ_IMAGE=pelayori/wiq_es04b \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4b976618..13ef900a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,7 +43,8 @@ jobs: username: ${{ secrets.DEPLOY_USER }} key: ${{ secrets.DEPLOY_KEY }} script: | - wget https://raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/docker-compose.yml -O docker-compose.yml docker-compose down + wget https://raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/docker-compose.yml -O docker-compose.yml + wget https://raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/prometheus.yml -O prometheus.yml docker compose pull docker-compose up -d diff --git a/Dockerfile b/Dockerfile index 752ecea9..0edd0077 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # Build stage with Maven and JDK 17 FROM maven:3.8.4-openjdk-17-slim as build -WORKDIR /app +WORKDIR ./app COPY pom.xml . COPY src src/ # Use Maven directly instead of the Maven Wrapper @@ -8,6 +8,6 @@ RUN mvn clean package -DskipTests # Run stage with JDK 17 FROM openjdk:17-slim -COPY --from=build /app/target/*.jar app.jar +COPY --from=build ./app/target/*.jar app.jar ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Dspring.profiles.active=prod","-jar","/app.jar"] EXPOSE 443 \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index a61915cf..e88e89ed 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,13 +18,13 @@ services: restart: always wiq_es04b: - image: ghcr.io/arquisoft/wiq_es04b:latest + image: ${WIQ_IMAGE:-ghcr.io/arquisoft/wiq_es04b:latest} environment: MYSQL_HOST: ${MYSQL_HOST} - MYSQL_PORT: ${MYSQL_PORT} - MYSQL_DATABASE: ${MYSQL_DATABASE} - MYSQL_USER: ${MYSQL_USER} - MYSQL_PASSWORD: ${MYSQL_PASSWORD} + MYSQL_DATABASE: ${MYSQL_DATABASE:-wiq_es04b} + MYSQL_USER: ${MYSQL_USER:-wiq_es04b} + MYSQL_PASSWORD: ${MYSQL_PASSWORD:-wiq_es04b} + MYSQL_PORT: ${MYSQL_PORT:-3306} KEYSTORE_PATH: ${KEYSTORE_PATH} KEYSTORE_PASSWORD: ${KEYSTORE_PASSWORD} ports: @@ -38,9 +38,40 @@ services: volumes: - ${KEYSTORE_PATH}:/certs/keystore.p12 + prometheus: + image: prom/prometheus:latest + volumes: + - prometheus_data:/prometheus + - ./prometheus.yml:/etc/prometheus/prometheus.yml + ports: + - "9090:9090" + networks: + - mynetwork + depends_on: + - wiq_es04b + restart: always + + grafana: + image: grafana/grafana:latest + volumes: + - grafana_data:/var/lib/grafana + environment: + GF_AUTH_DISABLE_LOGIN_FORM: 1 + GF_AUTH_ANONYMOUS_ENABLED: true + GF_AUTH_ANONYMOUS_ORG_ROLE: Admin + ports: + - "3000:3000" + networks: + - mynetwork + depends_on: + - prometheus + restart: always + volumes: db_data: + prometheus_data: + grafana_data: networks: mynetwork: - driver: bridge + driver: bridge \ No newline at end of file diff --git a/pom.xml b/pom.xml index 7961a9d5..52e13e70 100644 --- a/pom.xml +++ b/pom.xml @@ -114,6 +114,14 @@ springdoc-openapi-starter-webmvc-ui 2.5.0 + + org.springframework.boot + spring-boot-starter-actuator + + + io.micrometer + micrometer-registry-prometheus + diff --git a/prometheus.yml b/prometheus.yml new file mode 100644 index 00000000..fd1d4831 --- /dev/null +++ b/prometheus.yml @@ -0,0 +1,12 @@ +global: + scrape_interval: 2s + scrape_timeout: 1s + +scrape_configs: + - job_name: 'spring-application' + scrape_interval: 2s + scrape_timeout: 1s + metrics_path: '/actuator/prometheus' + scheme: https + static_configs: + - targets: [ 'wikigame.es:443' ] \ No newline at end of file diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties index 6e483e24..d7689afa 100644 --- a/src/main/resources/application-prod.properties +++ b/src/main/resources/application-prod.properties @@ -11,4 +11,5 @@ spring.jpa.hibernate.ddl-auto=update server.ssl.key-store=/certs/keystore.p12 server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.keyStoreType=PKCS12 -server.ssl.keyAlias=keystore \ No newline at end of file +server.ssl.keyAlias=keystore +server.ssl.enabled-protocols=TLSv1.2 \ No newline at end of file diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b2dc761a..660a6bfa 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,5 @@ # Port 3000 for testing, local deployment -server.port=3000 +server.port=3100 server.address=0.0.0.0 # HSQL db @@ -13,3 +13,7 @@ springdoc.api-docs.path=/api-docs springdoc.swagger-ui.path=/api springdoc.swagger-ui.operationsSorter=method springdoc.packagesToScan=com.uniovi.controllers.api + +management.endpoint.metrics.enabled=true +management.endpoints.web.exposure.include=prometheus +management.endpoints.jmx.exposure.include=* diff --git a/testCert.crt b/testCert.crt new file mode 100644 index 00000000..d366bf5c --- /dev/null +++ b/testCert.crt @@ -0,0 +1,55 @@ +Bag Attributes + friendlyName: youralias + localKeyID: 54 69 6D 65 20 31 37 31 33 32 38 34 33 38 34 39 32 35 +subject=C = d, ST = d, L = d, O = d, OU = d, CN = d + +issuer=C = d, ST = d, L = d, O = d, OU = d, CN = d + +-----BEGIN CERTIFICATE----- +MIIDMzCCAhugAwIBAgIINBF3UUhqeiAwDQYJKoZIhvcNAQELBQAwSDEKMAgGA1UE +BhMBZDEKMAgGA1UECBMBZDEKMAgGA1UEBxMBZDEKMAgGA1UEChMBZDEKMAgGA1UE +CxMBZDEKMAgGA1UEAxMBZDAeFw0yNDA0MTYxNjE5NDRaFw0zNDA0MTQxNjE5NDRa +MEgxCjAIBgNVBAYTAWQxCjAIBgNVBAgTAWQxCjAIBgNVBAcTAWQxCjAIBgNVBAoT +AWQxCjAIBgNVBAsTAWQxCjAIBgNVBAMTAWQwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC5E0IFN+5p/sv0qGs9MnvVVjusbWV+BIW4wWmt8c3Rbd73cuSG +BS6iHErbZh7t8uv7wY0hO06lqsphRRjBzD5ouS4MS4dsLpMkgjMcll8PY17nA/iy +HiIb/Cp18srzqGQIXBow6gXaMcTU8irN+TEtmlT/DvwtVpVqy6eCqmmhPxXsyyw1 +8DxlWRTV2o7pPXg0YC6r6YEHLbprBbwa1YAqiaSciKTWgQuR1w7abkQz8slaM4kH +MLdad1ra0F96YaHDuDQBRD0Pe13xk4yvE4il3JiOoA1EEa7xC5CYdg2lb/kR1RME +3t7L7Aiv+ThxiIeK3Agj11Oj9lOn5NL93CW/AgMBAAGjITAfMB0GA1UdDgQWBBSv ++MwjgZhyyuU+LUZvM14sw4JmCjANBgkqhkiG9w0BAQsFAAOCAQEAp455G+Awasa0 +ZbN2tTyFaT5rhFfyZ5BNTPBnmVVOP6XCa2Ot3tc+wWu4eMp5bmPDziHYfyeApI8r +zPbSiPgt8SKDCBwI4UCysdKgjxPfWSPxlWV/SXAU3wyijlm/hyQpZzcDakW0Wrj6 +ihvC+zoOC0DOkU2AfWTHgz6M/zB+OCY8jPX57niPTTp4LUlA/VNUu2O6QWn/4M2y +mzkKtpmKyfS8niQOq+4K3UlVXHb4pu+hSdeizXYz1a81mB8AbLDwcuEsfMNJ9BeY +iYeTlkeBbY7Zw9yTNnZsrjyCtTedCO8POvEbC6nbZAyLb1MD6DsBrF/8D5Wf37ZK +/bF0j5s1jA== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: keystore + localKeyID: 54 69 6D 65 20 31 37 31 33 32 38 35 39 38 39 39 34 30 +subject=C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = Unknown, CN = Unknown + +issuer=C = Unknown, ST = Unknown, L = Unknown, O = Unknown, OU = Unknown, CN = Unknown + +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIIXpBa0S6OUOUwDQYJKoZIhvcNAQELBQAwbDEQMA4GA1UE +BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ +MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5r +bm93bjAeFw0yNDA0MTYxNjQ2MjlaFw0zNDA0MTQxNjQ2MjlaMGwxEDAOBgNVBAYT +B1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAO +BgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25v +d24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0bVkhX3R258hDQ0ce +iJNDVDdM0tHZaDXi6Z8/0a71C5/fNO/yDBGosL+DquRp0gDKpHQY0dd8+//Mr2mJ +gRqvQ5x6bs1PXkpdoCceHCWhV66nCdzGC6JAwxO4vlDAWA5dBZbyUGdLHnedq3vc +q6OYxg8HfMItU7nOME6cv7nb74FRgxkODWZ5xo96HkgAVmbutwn01+yZjtTPjug0 +NO/nsciaHMpRKpCmopMsJ2fRJwOraT9CfGd3DLxgikHK1foJqtHmorBN5Nog3J2O +UtfhVYjsgU+PQXLP01mTMFFVxRbfWOySYfx3L/KNElbsHXLwVW4GcZwZV47Wmwj1 +CEoNAgMBAAGjITAfMB0GA1UdDgQWBBS9q5bQ4tQ/xdvAHutrqAFLNOiLoDANBgkq +hkiG9w0BAQsFAAOCAQEAHGpap48KVmhZVBRhVtUOJQ7FUT5KoIdJ5SPgji5ofj9o +96NL9o4+/3hH7xSuVH4CDi/GRVt5nv0sXoKpZ1zXG2n/5E/GenHybbjj7J/Rg9rn +0MLWrWaU32C8s9fouqUz9IyaMuUGTB208fOQB4Ymwz83xdoGZtC8P+vP1Q5DZyQn +XI8R7VDhcKRoCMBvqCWm2ynU1viPUEfNV/064S8TFuhYD4wXcqhSzgogsO0iKLIE +nGWRbkEeN+fuaiwUDszemLNXfpp5ojwbWW5+I6i2QUWqVbJbk0fDItgGGX5pzTqj +8cnJoqNaeBTzKTTW9/0mr5kkPqXtQCQum/3vnUo9wQ== +-----END CERTIFICATE----- diff --git a/testCert.p12 b/testCert.p12 new file mode 100644 index 00000000..a6f40045 Binary files /dev/null and b/testCert.p12 differ