Build on Java 11
Build proto before other modules
No dependencies
No dependencies
Requires redis and mongo
docker run --name mongo -p 27017:27017 -d mongo
docker run --name redis -p 6379:6379 -d redis
db.createCollection("logs", {capped: true, size: 4096, max:5})
Web is an Nginx HTTP server:
- Caching of static content
- Authorization (list of API and roles) using JWT tokens
- Reverse proxy
To simplify configuration, there is a Python script that creates nginx.conf.
The Nginx config requires authorization mapping data (role-to-URL mapping). This mapping is defined in *.yml files (one file per application/domain name):
subdomain-env: app1.local.com
static-root: /static/app1
api:
  - context-path: /api
    upstream-name: app1
    upstream-url: host.docker.internal:8091
    locations:
      - url: /test1/{id}
        roles: ['TEST_ROLE']
      - url: /test2
        roles: ['TEST_ROLE']
      - url: /test3
        roles: ['TEST_ROLE']
      - url: /test4
        roles: ['TEST_ROLE']
      - url: /test5
        roles: ['TEST_ROLE']
      - url: /test6
        roles: ['TEST_ROLE']
  - context-path: /api/auth
    upstream-name: authapp
    upstream-url: host.docker.internal:8090
    locations:
      - url: /oauth/token
        security: none
docker run --name ng -p8080:8080 ng
subdomain-env: app1.local.com
Application domain name. Nginx uses this domain name to resolve the application and redirect to the proper endpoint.
static-root: /static/app1
Static files location (all *.html, *.css, *.js and images).
- context-path: /api
Nginx resolves the upstream endpoint by context path. This way we can hide the auth application behind the app1 domain name.
upstream-name: app1
Application upstream id.
upstream-url: host.docker.internal:8091
Application upstream URL ("host.docker.internal" refers to the Docker parent host).
locations:
  - url: /test1/{id}
    roles: ['TEST_ROLE']
Authorization mapping of role to URL (/test1/... is available to the TEST_ROLE role).
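The role-to-URL mapping above can be checked before it is turned into nginx.conf. The following is an added example, not the project's generator script: the function names are hypothetical, the YAML is assumed to be already parsed into a Python dict, and it assumes that `{id}` matches exactly one path segment and that any path without a mapping is denied.

```python
import re

# Constructed sample: a shortened copy of the app1 mapping, already parsed from YAML.
CONFIG = {
    "subdomain-env": "app1.local.com",
    "api": [
        {"context-path": "/api", "locations": [
            {"url": "/test1/{id}", "roles": ["TEST_ROLE"]},
            {"url": "/test2", "roles": ["TEST_ROLE"]},
        ]},
        {"context-path": "/api/auth", "locations": [
            {"url": "/oauth/token", "security": "none"},
        ]},
    ],
}

def template_to_regex(context_path, url):
    """Compile '/api' + '/test1/{id}' into a regex; a {placeholder} matches one segment."""
    parts = re.split(r"(\{[^/{}]+\})", context_path + url)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile(body)

def build_rules(config):
    """Flatten the mapping into (pattern, is_public, allowed_roles) tuples."""
    rules = []
    for api in config["api"]:
        for loc in api["locations"]:
            public = loc.get("security") == "none"
            roles = set(loc.get("roles", []))
            rules.append((template_to_regex(api["context-path"], loc["url"]), public, roles))
    return rules

def is_allowed(rules, path, token_roles):
    """Decide access for a request path given the roles claimed in the JWT."""
    # Refuse dot segments so '{id}' can never be used to climb out of its location.
    if any(seg in (".", "..") for seg in path.split("/")):
        return False
    for pattern, public, roles in rules:
        if pattern.fullmatch(path):  # whole path must match, not just a prefix
            # A location with neither roles nor 'security: none' stays closed.
            return public or bool(roles & set(token_roles))
    return False  # default deny: unmapped URLs are not reachable

if __name__ == "__main__":
    rules = build_rules(CONFIG)
    for p in ("/api/test1/42", "/api/test1/42/extra", "/api/auth/oauth/token", "/api/unmapped"):
        print(p, is_allowed(rules, p, ["TEST_ROLE"]))
```

Running the same table of paths against the generated nginx.conf is a quick way to confirm that the proxy and the mapping files agree.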
Requires docker:
cd /nginx/config
docker build -t cg .
docker run --rm cg
Manually copy the file content into the nginx.conf file and place it into /nginx/web.
After nginx.conf is ready:
cd /nginx/web
docker build --no-cache -t ng .
docker run --rm -p8080:8080 --name ng ng
Asymmetric keys generation:
keytool -genkeypair -alias jwt -keyalg RSA -keypass 123456 -keystore jwt.jks -storepass 123456
Refer to controllers inside app1 and app2
http://localhost:8091/test1/1
http://localhost:8092/test1/1
header: Authorization: Basic [access token]
http://app1.local.com:8080/api/test1/1
http://app2.local.com:8080/api/test1/1
POST /oauth/token?grant_type=password&client_id=browser&client_secret=asdf HTTP/1.1
Host: localhost:8090
Cache-Control: no-cache
Postman-Token: b37c7d50-e9e3-2863-59a7-51e0a07c88cf
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="username"
login
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="password"
password
------WebKitFormBoundary7MA4YWxkTrZu0gW--
POST /api/auth/oauth/token?grant_type=password&client_id=browser&client_secret=asdf HTTP/1.1
Host: app1.local.com:8080
Cache-Control: no-cache
Postman-Token: b37c7d50-e9e3-2863-59a7-51e0a07c88cf
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="username"
login
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="password"
password
------WebKitFormBoundary7MA4YWxkTrZu0gW--