diff --git a/.gitignore b/.gitignore
index 7b5274dab..e7844facd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ static-front/
 logs/
 hs_err_pid*.log
 tmp
+**/certs/*
 ### STS ###
 .apt_generated
diff --git a/.nginx/nginx.conf b/.nginx/nginx.conf
new file mode 100644
index 000000000..6caeb5682
--- /dev/null
+++ b/.nginx/nginx.conf
@@ -0,0 +1,36 @@
+events {
+ use epoll;
+ worker_connections 128;
+}
+
+http {
+ upstream df-bo-server {
+ server host.docker.internal:8081;
+ }
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name bo-local.dossierfacile.fr;
+ location / {
+ return 302 https://$host$request_uri;
+ }
+ }
+ server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name bo-local.dossierfacile.fr;
+ ssl_certificate /etc/nginx/certs/nginx.crt;
+ ssl_certificate_key /etc/nginx/certs/nginx.key;
+ location / {
+ proxy_pass http://df-bo-server/;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_redirect default;
+ }
+ location /static/ {
+ alias /static/;
+ }
+ }
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b5879edb5..5548e6c81 100644
--- a/README.md
+++ b/README.md
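Review bot: The new `**/certs/*` entry only ignores files that already sit inside a `certs` directory, while the README added in this same commit generates the key with `openssl req ... -keyout nginx.key -out nginx.crt`, which writes into the current working directory; a key generated at the repo root and moved afterwards is not covered and can be staged by accident. Consider also ignoring private-key material by extension, `*.key`, or have the README command write straight into `./.nginx/certs/`. A short comment above the pattern, such as `# local TLS key/cert for the dev reverse proxy (see .nginx/nginx.conf)`, would explain why it sits in the generic section next to `tmp`.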
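Review bot: `location /static/ { alias /static/; }` points at a path inside the nginx container, but the compose service added in this commit mounts only `./.nginx/nginx.conf` and `./.nginx/certs`, so `/static/` is empty there and every request under it will return 404 (the README config this replaces ran nginx on the host, where that path presumably existed). Either mount the static directory into the container or drop the location so those requests fall through to the proxied application. The `proxy_set_header` lines forward `Host` and `X-Forwarded-Proto`, which the application should only trust when the request actually came through this proxy; since the upstream is the host's port 8081, that port is presumably still reachable directly, and a comment such as `# forwarded headers are only meaningful when the app is reached via this proxy` above them would make the assumption visible. Pinning `ssl_protocols TLSv1.2 TLSv1.3;` in the server block would also make the intended TLS floor explicit rather than relying on the image's default.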
@@ -178,57 +178,48 @@ brevo.apikey=
 For each properties file, copy the `brevo.template.*` properties from `application.properties` to `application-dev.properties` and set the correct ids.
 Note:
+- In the case of the `dossierfacile-bo` service run, it appears that some Brevo template identifiers are missing (particularly on the partner side)
-- dans le cas du run du service `dossierfacile-bo`, il semble manquer quelques identifiants de templates (notamment côté partner)
-
-## nginx
-
-For dossierfacile-bo, you need https access. You can use this nginx config for that:
-
-```nginx
-upstream df-bo-server {
- server localhost:8081;
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name bo-local.dossierfacile.fr;
- location / {
- return 302 https://$host$request_uri;
- }
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name bo-local.dossierfacile.fr;
- ssl_certificate /etc/ssl/domain.crt;
- ssl_certificate_key /etc/ssl/domain.key;
- ssl_trusted_certificate /etc/ssl/bo_server.crt;
- location / {
- proxy_pass http://df-bo-server/;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $host;
- proxy_redirect default;
- }
- location /static/ {
- alias /static/;
- }
-}
+## HTTPS config for backOffice access
+The `dossierfacile-bo` service requires HTTPS access for Google Single Sign-On (SSO). The `docker-compose.dev.yml` deploys an `nginx` container as a reverse proxy, with configuration located at `./.nginx/nginx.conf`. DossierFacile back-office will be served at https://bo-local.dossierfacile.fr/
+
+### Generate Self-Signed SSL Certificate
+
+Create SSL certificate files using OpenSSL:
+```bash
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt
 ```
-You can [create the certificate files with open-ssl](https://www.baeldung.com/openssl-self-signed-cert).
+Certificates must be placed in folder `./.nginx/certs`
-Then add the following line to your `/etc/hosts` file:
+**Note**: When prompted, fill in the certificate details. The Common Name (CN) should match `bo-local.dossierfacile.fr`.
+### Configure local hosts
+Add the following line to `/etc/hosts`:
 ```
 127.0.0.1 bo-local.dossierfacile.fr
 ```
+**Important**: This step is crucial because Google SSO is configured with this specific redirect URI. Omitting this will result in a `redirect_uri_mismatch` error during login: `Erreur 400 : redirect_uri_mismatch`
+
+### Initial login and user setup
+
+Log in with a Google account. This automatically creates a user in the `public.user_account` table of the PostgreSQL `dossierfacile` database.
+
+List existing users to find your user ID:
+```sql
+SELECT *
+FROM public.user_account;
+```
+
+Add role entry to grant back-office access:
+```sql
+INSERT INTO public.user_roles
+("role", user_id)
+VALUES(2, );
+```
+
 ## Build
 Run `mvn clean install` from the root folder. This will build every module.
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 29a227eb4..f573770c9 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -1,4 +1,16 @@
 services:
+ nginx:
+ image: nginx:latest
+ container_name: dossierfacile_reverse_proxy
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./.nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./.nginx/certs:/etc/nginx/certs
+ restart: unless-stopped
+ networks:
+ - dossierfacile_network
 postgres:
 image: postgres:12
 container_name: dossierfacile_postgres_db
@@ -18,12 +30,12 @@ services:
 timeout: 5s
 retries: 5
 networks:
- - postgres_network
+ - dossierfacile_network
 volumes:
 postgres_data:
 driver: local
 networks:
- postgres_network:
+ dossierfacile_network:
 driver: bridge
\ No newline at end of file
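Review bot: The new `nginx` service proxies to `host.docker.internal:8081` (per `.nginx/nginx.conf` in this commit), a name that Docker Desktop provides but a plain Linux Docker engine does not, so on Linux the upstream fails to resolve and the proxy returns 502 unless the service declares an `extra_hosts` mapping to `host-gateway`. `"80:80"` and `"443:443"` bind on every host interface, which exposes the self-signed development back-office to the whole LAN; for a local-only setup the published ports should be bound to loopback. `image: nginx:latest` is unpinned, so the proxy can change underneath developers with no diff in the repository — pin an explicit tag or digest. The two bind mounts can also be read-only, since nginx only reads the config and the key/cert.
```yaml
  nginx:
    image: nginx:<PINNED_TAG>  # placeholder: pin an explicit tag or @sha256 digest
    # … unchanged: container_name …
    ports:
      - "127.0.0.1:80:80"
      - "127.0.0.1:443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./.nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./.nginx/certs:/etc/nginx/certs:ro
    # … unchanged: restart, networks …
```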