From a803c8538551e6647a87a6ad68f67a554694f300 Mon Sep 17 00:00:00 2001 From: holzi1005 Date: Wed, 8 Jan 2025 10:18:48 +0100 Subject: [PATCH] add https docker compose --- .docker-compose.http.yml | 1 + .docker-compose.https.yml | 72 ++++++++++----------------------------- 2 files changed, 19 insertions(+), 54 deletions(-) diff --git a/.docker-compose.http.yml b/.docker-compose.http.yml index fd6f8e0..978ed5d 100644 --- a/.docker-compose.http.yml +++ b/.docker-compose.http.yml @@ -54,6 +54,7 @@ services: depends_on: db-odc: condition: service_healthy + restart: unless-stopped env_file: - ./.env.local - ./.env.custom diff --git a/.docker-compose.https.yml b/.docker-compose.https.yml index a6d6df7..32ce665 100644 --- a/.docker-compose.https.yml +++ b/.docker-compose.https.yml 
@@ -8,34 +8,17 @@ services: - "--log.level=DEBUG" - "--api.insecure=true" - "--providers.docker=true" - - "--api.dashboard=true" - - "--providers.docker.exposedbydefault=false" - - - "--entrypoints.web.address=:80" + - "--entrypoints.unsecure.address=:80" # Global HTTPS - # - "--entrypoints.web.address=:443" - # - "--entrypoints.unsecure.http.redirections.entryPoint.to=web" - # - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https" + - "--entrypoints.web.address=:443" + - "--entrypoints.unsecure.http.redirections.entryPoint.to=web" + - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https" # SSL configuration - # - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - # - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure" - # - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}" - # - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - - labels: - - "traefik.enable=true" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=unsecure" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker" - # - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - - "traefik.http.routers.traefik-odc.rule=Host(`traefik.`)" - - "traefik.http.routers.traefik-odc.entrypoints=web" - - "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt" - - "traefik.http.routers.traefik-odc.service=api@internal" - - "traefik.http.routers.traefik-odc.middlewares=traefik-auth" - - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test + - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure" + - "--certificatesresolvers.letsencrypt.acme.email=webmaster@odc-master.de" + - 
"--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" ports: - "80:80" @@ -52,26 +35,16 @@ services: db-odc: condition: service_healthy restart: unless-stopped - - environment: - DATABASE_URL: mysql://odc:@db-odc:3306/odc - OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter - OAUTH_KEYCLOAK_CLIENT_SECRET: - OAUTH_KEYCLOAK_SERVER: ':///keycloak' - OAUTH_KEYCLOAK_REALM: opendatenschutzcenter - MAILER_DSN: 'null://null' - laF_version: 3.0.4 - demo_installation: demo + env_file: + - ./.env.local + - ./.env.custom labels: - "traefik.enable=true" - #- "traefik.http.routers.app-odc.tls=true" - "traefik.http.routers.app-odc.rule=Host(``)" - "traefik.http.routers.app-odc.entrypoints=web" - "traefik.http.services.app-odc.loadbalancer.server.port=8080" - #- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt" - - "traefik.http.services.app-odc.loadbalancer.sticky=true" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true" + - "traefik.http.routers.app-odc.tls=true" + - "traefik.http.routers.app-odc.tls.certresolver=letsencrypt" extra_hosts: - ":" volumes: 
@@ -98,32 +71,23 @@ services: depends_on: app-odc: condition: service_healthy - environment: - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: - KC_DB: mariadb - KC_DB_PASSWORD: - KC_DB_URL: jdbc:mariadb://db-odc:3306/keycloak - KC_DB_USERNAME: keycloak - KC_HOSTNAME_URL: :///keycloak - KC_HOSTNAME_PATH: :///keycloak - KC_HOSTNAME_ADMIN_URL: :///keycloak - KC_HTTP_RELATIVE_PATH: /keycloak - KC_PROXY: passthrough + restart: unless-stopped + env_file: + - ./.env.local + - ./.env.custom command: - start-dev - --import-realm labels: - "traefik.enable=true" - - "traefik.http.routers.keycloak-odc.tls=true" - "traefik.http.routers.keycloak-odc.rule=Host(``) && PathPrefix(`/keycloak`)" - "traefik.http.routers.keycloak-odc.entrypoints=web" - "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080" + - "traefik.http.routers.keycloak-odc.tls=true" - "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt" volumes: - ./keycloak/:/opt/keycloak/data/import - volumes: mariadb: datenschutzcenter_uploads:
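Review bot: Keycloak still runs `start-dev` in the unchanged `command:` list, although this commit turns the file into the internet-facing TLS deployment, with a Let's Encrypt resolver on the `keycloak-odc` router and `restart: unless-stopped`. Development mode keeps plain HTTP enabled and relaxes hostname strictness, which is not what an identity provider behind a public certificate should run with. I would switch the first entry to `- start`, keep `- --import-realm`, and make sure the hostname and proxy settings that moved into the env files match Traefik terminating TLS and forwarding to port 8080. The removed `KC_PROXY: passthrough` suggests they may not yet, but the env files are not part of this patch, so this needs checking there.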