# Configuration de production pour BTP Xpress - Frontend-Centric Auth # Variables d'environnement requises : # - DB_URL : URL de la base de données PostgreSQL # - DB_USERNAME : Nom d'utilisateur de la base de données # - DB_PASSWORD : Mot de passe de la base de données # Le frontend gère l'authentification OAuth avec Keycloak # Le backend valide simplement les tokens JWT envoyés par le frontend # Base de données quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgres:5432/btpxpress} quarkus.datasource.username=${DB_USERNAME:btpxpress_user} quarkus.datasource.password=${DB_PASSWORD} quarkus.hibernate-orm.database.generation=validate quarkus.hibernate-orm.log.sql=false quarkus.hibernate-orm.log.bind-parameters=false # Serveur HTTP quarkus.http.port=${SERVER_PORT:8080} quarkus.http.host=0.0.0.0 # Note: Ingress nginx uses rewrite-target to strip /btpxpress prefix before forwarding # Backend serves endpoints directly without context path (e.g., /api/v1/users, /q/health) # External URL: https://api.lions.dev/btpxpress/... → Backend receives: /... # CORS Configuration pour production quarkus.http.cors=true quarkus.http.cors.origins=https://btpxpress.lions.dev quarkus.http.cors.methods=GET,POST,PUT,DELETE,OPTIONS quarkus.http.cors.headers=Content-Type,Authorization,X-Requested-With quarkus.http.cors.exposed-headers=Content-Disposition quarkus.http.cors.access-control-max-age=24H quarkus.http.cors.access-control-allow-credentials=true # JWT validation - Tokens envoyés par le frontend mp.jwt.verify.publickey.location=https://security.lions.dev/realms/btpxpress/protocol/openid-connect/certs mp.jwt.verify.issuer=https://security.lions.dev/realms/btpxpress quarkus.smallrye-jwt.enabled=true quarkus.smallrye-jwt.auth-mechanism=MP-JWT quarkus.smallrye-jwt.require-named-principal=false # Sécurité quarkus.security.auth.enabled=true quarkus.security.auth.proactive=false # Permissions pour accès public aux endpoints de documentation et santé quarkus.http.auth.permission.public.paths=/q/*,/openapi,/swagger-ui/* quarkus.http.auth.permission.public.policy=permit # Authentification JWT requise pour tous les autres endpoints quarkus.http.auth.permission.authenticated.paths=/* quarkus.http.auth.permission.authenticated.policy=authenticated # Logging quarkus.log.level=INFO quarkus.log.category."dev.lions.btpxpress".level=INFO quarkus.log.category."org.hibernate".level=WARN quarkus.log.category."io.quarkus".level=INFO quarkus.log.category."io.quarkus.smallrye.jwt".level=INFO # Métriques et monitoring quarkus.micrometer.export.prometheus.enabled=true quarkus.micrometer.export.prometheus.path=/metrics quarkus.smallrye-health.ui.enable=true # Cache quarkus.cache.caffeine.default.initial-capacity=100 quarkus.cache.caffeine.default.maximum-size=1000 quarkus.cache.caffeine.default.expire-after-write=PT30M # Pool de connexions optimisé pour production quarkus.datasource.jdbc.initial-size=10 quarkus.datasource.jdbc.min-size=10 quarkus.datasource.jdbc.max-size=50 quarkus.datasource.jdbc.acquisition-timeout=PT30S quarkus.datasource.jdbc.leak-detection-interval=PT10M # OpenAPI/Swagger quarkus.swagger-ui.always-include=true quarkus.swagger-ui.path=/swagger-ui quarkus.swagger-ui.urls.default=/btpxpress/openapi quarkus.smallrye-openapi.path=/openapi quarkus.smallrye-openapi.info-title=BTP Xpress API quarkus.smallrye-openapi.info-version=1.0.0 quarkus.smallrye-openapi.info-description=Backend REST API for BTP Xpress application