84 lines
3.4 KiB
Properties
84 lines
3.4 KiB
Properties
# Configuration de production pour BTP Xpress - Frontend-Centric Auth
|
|
# Variables d'environnement requises :
|
|
# - DB_URL : URL de la base de données PostgreSQL
|
|
# - DB_USERNAME : Nom d'utilisateur de la base de données
|
|
# - DB_PASSWORD : Mot de passe de la base de données
|
|
# Le frontend gère l'authentification OAuth avec Keycloak
|
|
# Le backend valide simplement les tokens JWT envoyés par le frontend
|
|
|
|
# Base de données
|
|
quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgres:5432/btpxpress}
|
|
quarkus.datasource.username=${DB_USERNAME:btpxpress_user}
|
|
quarkus.datasource.password=${DB_PASSWORD}
|
|
quarkus.hibernate-orm.schema-management.strategy=validate
|
|
quarkus.hibernate-orm.log.sql=false
|
|
quarkus.hibernate-orm.log.bind-parameters=false
|
|
|
|
# Serveur HTTP
|
|
quarkus.http.port=${SERVER_PORT:8080}
|
|
quarkus.http.host=0.0.0.0
|
|
# Note: Ingress nginx uses rewrite-target to strip /btpxpress prefix before forwarding
|
|
# Backend serves endpoints directly without context path (e.g., /api/v1/users, /q/health)
|
|
# External URL: https://api.lions.dev/btpxpress/... → Backend receives: /...
|
|
|
|
# CORS Configuration pour production
|
|
quarkus.http.cors.enabled=true
|
|
quarkus.http.cors.origins=https://btpxpress.lions.dev
|
|
quarkus.http.cors.methods=GET,POST,PUT,DELETE,OPTIONS
|
|
quarkus.http.cors.headers=Content-Type,Authorization,X-Requested-With
|
|
quarkus.http.cors.exposed-headers=Content-Disposition
|
|
quarkus.http.cors.access-control-max-age=24H
|
|
quarkus.http.cors.access-control-allow-credentials=true
|
|
|
|
# JWT validation - Tokens envoyés par le frontend
|
|
mp.jwt.verify.publickey.location=https://security.lions.dev/realms/btpxpress/protocol/openid-connect/certs
|
|
mp.jwt.verify.issuer=https://security.lions.dev/realms/btpxpress
|
|
quarkus.smallrye-jwt.enabled=true
|
|
quarkus.smallrye-jwt.auth-mechanism=MP-JWT
|
|
quarkus.smallrye-jwt.require-named-principal=false
|
|
|
|
# Sécurité
|
|
quarkus.security.auth.enabled=true
|
|
quarkus.security.auth.proactive=false
|
|
|
|
# Permissions pour accès public aux endpoints de documentation et santé
|
|
quarkus.http.auth.permission.public.paths=/q/*,/openapi,/swagger-ui/*
|
|
quarkus.http.auth.permission.public.policy=permit
|
|
|
|
# Authentification JWT requise pour tous les autres endpoints
|
|
quarkus.http.auth.permission.authenticated.paths=/*
|
|
quarkus.http.auth.permission.authenticated.policy=authenticated
|
|
|
|
# Logging
|
|
quarkus.log.level=INFO
|
|
quarkus.log.category."dev.lions.btpxpress".level=INFO
|
|
quarkus.log.category."org.hibernate".level=WARN
|
|
quarkus.log.category."io.quarkus".level=INFO
|
|
quarkus.log.category."io.quarkus.smallrye.jwt".level=INFO
|
|
|
|
# Métriques et monitoring
|
|
quarkus.micrometer.export.prometheus.enabled=true
|
|
quarkus.micrometer.export.prometheus.path=/metrics
|
|
quarkus.smallrye-health.ui.enable=true
|
|
|
|
# Cache
|
|
quarkus.cache.caffeine.default.initial-capacity=100
|
|
quarkus.cache.caffeine.default.maximum-size=1000
|
|
quarkus.cache.caffeine.default.expire-after-write=PT30M
|
|
|
|
# Pool de connexions optimisé pour production
|
|
quarkus.datasource.jdbc.initial-size=10
|
|
quarkus.datasource.jdbc.min-size=10
|
|
quarkus.datasource.jdbc.max-size=50
|
|
quarkus.datasource.jdbc.acquisition-timeout=PT30S
|
|
quarkus.datasource.jdbc.leak-detection-interval=PT10M
|
|
|
|
# OpenAPI/Swagger
|
|
quarkus.swagger-ui.always-include=true
|
|
quarkus.swagger-ui.path=/swagger-ui
|
|
quarkus.swagger-ui.urls.default=/btpxpress/openapi
|
|
quarkus.smallrye-openapi.path=/openapi
|
|
quarkus.smallrye-openapi.info-title=BTP Xpress API
|
|
quarkus.smallrye-openapi.info-version=1.0.0
|
|
quarkus.smallrye-openapi.info-description=Backend REST API for BTP Xpress application
|