📝 Doc: update README #911

Merged
merged 2 commits into from
Nov 26, 2024
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -11,6 +11,7 @@ static-front/
logs/
hs_err_pid*.log
tmp
**/certs/*

### STS ###
.apt_generated
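Review bot: The `**/certs/*` pattern ignores the contents of every `certs` directory in the tree, not only the one holding the nginx key pair. The only directory this PR needs covered is `.nginx/certs`, so anchoring the rule as `/.nginx/certs/*` keeps `nginx.key` out of commits without silently hiding files in any other `certs` folder added later. Because that directory will be empty in a fresh clone, consider tracking a placeholder (for example `!/.nginx/certs/.gitkeep`) so the bind mount in `docker-compose.dev.yml` points at an existing folder.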
36 changes: 36 additions & 0 deletions .nginx/nginx.conf
@@ -0,0 +1,36 @@
events {
use epoll;
worker_connections 128;
}

http {
upstream df-bo-server {
server host.docker.internal:8081;
}
server {
listen 80;
listen [::]:80;
server_name bo-local.dossierfacile.fr;
location / {
return 302 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bo-local.dossierfacile.fr;
ssl_certificate /etc/nginx/certs/nginx.crt;
ssl_certificate_key /etc/nginx/certs/nginx.key;
location / {
proxy_pass http://df-bo-server/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_redirect default;
}
location /static/ {
alias /static/;
}
}
}
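Review bot: The upstream `server host.docker.internal:8081;` only resolves out of the box on Docker Desktop; on a Linux Docker Engine the name is undefined unless the compose service maps it, and nginx refuses to start when an upstream host cannot be resolved. Adding `extra_hosts: ["host.docker.internal:host-gateway"]` to the `nginx` service would make this portable. In the 443 block, `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client sent; since this proxy is the first hop, `$remote_addr` gives the back-office a value the client cannot influence. Also, `location /static/` aliases `/static/`, but the compose file mounts nothing at that path, so those requests will return 404.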
46 changes: 44 additions & 2 deletions README.md
Expand Up @@ -16,6 +16,7 @@ You need to have [JDK 21](https://openjdk.org/projects/jdk/21/), [maven](https:/
### Database

Run:

```
docker-compose -f docker-compose.dev.yml up -d
```
Expand All @@ -27,9 +28,10 @@ To create a dedicated user and database for dossierfacile.
If you want to use [Keycloak](https://www.keycloak.org/) locally, follow the README instructions on repo [Dossier-Facile-Keycloak](https://github.com/MTES-MCT/Dossier-Facile-Keycloak).

To run this project, you will need the realm "dossier-facile" and a new client "dossier-facile-api", with:

- selected theme "df"
- in capability config, "client authentication" activated
Then go to tab "credentials" and copy the client secret
Then go to tab "credentials" and copy the client secret

### Config

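Review bot: The sentence "Then go to tab "credentials" and copy the client secret" still follows the last bullet with no blank line, so Markdown renders it as a continuation of the "client authentication" item. A blank line before it, like the one this hunk adds after "with:", would make it a separate step, and it would help to say where the copied secret has to be configured.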
Expand Down Expand Up @@ -176,7 +178,47 @@ brevo.apikey=
For each properties file, copy the `brevo.template.*` properties from `application.properties` to `application-dev.properties` and set the correct ids.

Note:
- dans le cas du run du service `dossierfacile-bo`, il semble manquer quelques identifiants de templates (notamment côté partner)
- In the case of the `dossierfacile-bo` service run, it appears that some Brevo template identifiers are missing (particularly on the partner side)

## HTTPS config for backOffice access

The `dossierfacile-bo` service requires HTTPS access for Google Single Sign-On (SSO). The `docker-compose.dev.yml` deploys an `nginx` container as a reverse proxy, with configuration located at `./.nginx/nginx.conf`. DossierFacile back-office will be served at https://bo-local.dossierfacile.fr/

### Generate Self-Signed SSL Certificate

Create SSL certificate files using OpenSSL:
```bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt
```

Certificates must be placed in folder `./.nginx/certs`

**Note**: When prompted, fill in the certificate details. The Common Name (CN) should match `bo-local.dossierfacile.fr`.

### Configure local hosts
Add the following line to `/etc/hosts`:
```
127.0.0.1 bo-local.dossierfacile.fr
```

**Important**: This step is crucial because Google SSO is configured with this specific redirect URI. Omitting this will result in a `redirect_uri_mismatch` error during login: `Erreur 400 : redirect_uri_mismatch`

### Initial login and user setup

Log in with a Google account. This automatically creates a user in the `public.user_account` table of the PostgreSQL `dossierfacile` database.

List existing users to find your user ID:
```sql
SELECT *
FROM public.user_account;
```

Add role entry to grant back-office access:
```sql
INSERT INTO public.user_roles
("role", user_id)
VALUES(2, <YOUR_USER_ID>);
```

## Build

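Review bot: The `openssl req` command under "Generate Self-Signed SSL Certificate" produces a certificate with no subjectAltName, and current browsers validate the hostname against SAN only, so matching the Common Name as the note instructs will still yield a name-mismatch warning. With OpenSSL 1.1.1 or later, adding `-addext "subjectAltName=DNS:bo-local.dossierfacile.fr"` fixes this, and pointing `-keyout` and `-out` at `./.nginx/certs/` directly avoids leaving the unencrypted key (`-nodes`) in the working directory. In the last SQL block, the literal `2` in `VALUES(2, <YOUR_USER_ID>)` is unexplained; name the role it stands for so readers know what privilege they are granting.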
16 changes: 14 additions & 2 deletions docker-compose.dev.yml
@@ -1,4 +1,16 @@
services:
nginx:
image: nginx:latest
container_name: dossierfacile_reverse_proxy
ports:
- "80:80"
- "443:443"
volumes:
- ./.nginx/nginx.conf:/etc/nginx/nginx.conf
- ./.nginx/certs:/etc/nginx/certs
restart: unless-stopped
networks:
- dossierfacile_network
postgres:
image: postgres:12
container_name: dossierfacile_postgres_db
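Review bot: The `ports` entries `"80:80"` and `"443:443"` publish the proxy on every host interface, which exposes the back-office behind a self-signed certificate to the local network; for a dev-only setup, `"127.0.0.1:80:80"` and `"127.0.0.1:443:443"` are enough. The two `volumes` mounts can be read-only (`:ro`), since nginx only reads its config and key pair, and `image: nginx:latest` should be pinned to a version tag the way `postgres:12` is so the dev stack is reproducible.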
Expand All @@ -18,12 +30,12 @@ services:
timeout: 5s
retries: 5
networks:
- postgres_network
- dossierfacile_network

volumes:
postgres_data:
driver: local

networks:
postgres_network:
dossierfacile_network:
driver: bridge