• Home
• de.trustable.ca3s.core
• ca-3-s
• 0.1.26
• source code
• application-prod.yml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

config.application-prod.yml Maven / Gradle / Ivy

# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================

# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================

keycloak:
  auth-server-url: http://127.0.0.1:50080/auth
  realm: ca3sRealm
  resource: ca3s
  public-client: true
#  ssl-required: external
#  credentials.secret: 11111111-1111-1111-1111-111111111111
#  use-resource-role-mappings: true
  enabled: false


logging:
  level:
    ROOT: INFO
    io.github.jhipster: INFO
    de.trustable.ca3s.core: DEBUG
    de.trustable.ca3s.core.schedule.RequestProxyScheduler: WARN
    de.trustable.ca3s.core.service.util.CaConnectorAdapter: WARN
    de.trustable.ca3s.core.service.adcs: WARN
    de.trustable.ca3s.core.service.cmp: WARN
    de.trustable.ca3s.core.service.dir: WARN
    de.trustable.ca3s.core.security.provider.Ca3sTrustManager: WARN
    de.trustable.util.CryptoUtil: WARN
    org.keycloak.adapters: DEBUG
    org.springframework.security: INFO

management:
  metrics:
    export:
      prometheus:
        enabled: false

spring:
  profiles:
    active: prod
    include:
      # - swagger
      # (Un)comment to activate TLS for the prod profile
      # - tls
  devtools:
    restart:
      enabled: false
    livereload:
      enabled: false
  datasource:

# sample configuration for a mysql connection
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/ca3s_jh_dev?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&allowPublicKeyRetrieval=true
    username: ca3s_jh_dev
    password: nYbA4Jm4rnQJ

# connect to the database with user-only privileges
# the application runs with restricted rights, liquibase uses admin rights to create / alter the DB scheme
#    url: jdbc:mysql://localhost:3306/ca3s_sep_roles?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&allowPublicKeyRetrieval=true
#    username: ca3s_sr_user
#    password: o2Z3je8twZ5W

    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true
  jpa:
    database-platform: org.hibernate.dialect.MySQL5InnoDBDialect
    database: MYSQL
    show-sql: false
    properties:
      hibernate.id.new_generator_mappings: true
      hibernate.connection.provider_disables_autocommit: true
      hibernate.cache.use_second_level_cache: false
      hibernate.cache.use_query_cache: false
      hibernate.generate_statistics: false
  # Replace by 'prod, faker' to add the faker context and have sample data loaded in production
  liquibase:
    contexts: prod
#    changeLog: classpath:config/liquibase-3.5/master.xml
# connect to the database with admin privileges
#    default-schema: ca3s_sep_roles
#    user: ca3s_sr_admin
#    password: MLQ738PdLpio
  mail:
    host: localhost
    port: 25
    username:
    password:
  thymeleaf:
    cache: true

# ===================================================================
# To enable TLS in production, generate a certificate using:
# keytool -genkey -alias ca3s_jh -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
#    port: 443
#    ssl:
#        key-store: classpath:config/tls/keystore.p12
#        key-store-password: password
#        key-store-type: PKCS12
#        key-alias: ca3s_jh
#        # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/)
#        ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# ===================================================================
server:
#  port: 8443
  port: 8080
  compression:
    enabled: true
    mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
    min-response-size: 1024

# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================

jhipster:
  http:
    cache: # Used by the CachingHttpHeadersFilter
      timeToLiveInDays: 1461
  cache: # Cache configuration
    ehcache: # Ehcache configuration
      time-to-live-seconds: 3600 # By default objects stay 1 hour in the cache
      max-entries: 1000 # Number of objects in each cache entry
#  cors:
#    allowed-origins: '*'
  security:
    authentication:
      jwt:
        # This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
        # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
        # - In the JHipster Registry (which includes a Spring Cloud Config server)
        # - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
        # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
        base64-secret: Mjk3NjM4OWI4NWU3ZjE3NjQ3OWRiZjI3OWYwYmZiNWY1NzA2YjAzZTY2ODJhNWM5MjFjYzZmZTZlMDE4YWRhNDg0MjJlNDYzNThhODBjNmU0ZGFjMGY3MTc5OTVlNmEyZWFiZmIwMDIxYTExYzkxNGM3YmM2YmVmMmNlZWE2YmQ=
        # Token is valid 24 hours
        token-validity-in-seconds: 86400
        token-validity-in-seconds-for-remember-me: 2592000
  mail: # specific JHipster mail property, for standard properties see MailProperties
    base-url: http://localhost:8080 # Modify according to your server's URL
  metrics:
    logs: # Reports metrics in the logs
      enabled: false
      report-frequency: 60 # in seconds
  logging:
    use-json-format: false # By default, logs are not in Json format
    logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
      enabled: false
      host: localhost
      port: 5000
      queue-size: 512
  audit-events:
    retention-period: 30 # Number of days before audit events are deleted.

# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================

# ===================================================================
# Kerberos configuration
#
# 1. Define a Service Principal Name(SPN) for ca3s using HTTP and the server name ( e.g. 'ca3s.server') where ca3s is installed.
#    Provide the Windows domain user that is accociated with the service:
#  setspn -A HTTP/ca3s.server ca3sUser
#
# 2. Export the keytab to a file (e.g. ca3s.keytab)
#    Associate it with the user account ('ca3sUser')
#    Provide the service principal and server ('HTTP/[email protected]')
#    Provide the user's password
#    use the KRB5_NT_PRINCIPAL
#    limit the crypto parameter when required
#  ktpass /out ca3s.keytab /mapuser ca3sUser /princ HTTP/[email protected] /pass ****** /ptype KRB5_NT_PRINCIPAL /crypto All
#
# 3. configure the relevant parameter for the Kerberos connection (Active Directory domain, LDAP access point,
#    the pricipal as defined above, the keytab file's path just created, the search base and search filter to identify the ca3s Windows user)
#    using the corresponding properties below.
# ===================================================================

# application:
protectionSecret: bnJvbGwvV1MtMjAxOS1DQS5jcmyGK2h0dHA6Ly90cnVzdGFibGUuZXUvYWRjc1Rl

ca3s:
  ui:
# limit the set of selectable languages, available languages are de, en, pl
# if only one language is selected, the user form for selection is disabled / hidden.
#    languages: de
# provide a custom image for the upper left corner of the user interface
# Remark: PNG format, only
#    logo: custom_logo.png

#  help:
#    en: /var/help/custom_help_en.md
#    de: /var/help/custom_help_de.md

  dns:
#    server: 8.8.8.8
    server: 213.133.106.251
    port: 53

  https:
    certificate:
      dnSuffix: O=Trustable Solutions,OU=CA3S Instance,C=DE
      sans: trustable.de, www.trustable.de
#  certificateSelectionAttributes: Foo,Bar,Baz

  scep:
    recipient:
      certificate:
        cnSuffix: .trustable.de

  auth:
    kerberos:
      service-principal: HTTP/admin@ci-adcs
      keytab-location: ca3s.keytab
    ad-domain: foo
    ldap:
      url: ldap://testLDAP.eu:123
      baseDN: dc=testLDAP,dc=eu
      search-base: dc=testLDAP,dc=eu
      search-filter: dc=testLDAP,dc=eu
      group-search-base: (| (userPrincipalName={0}) (sAMAccountName={0}))
      principal: cn=alice,ou=people,dc=testLDAP,dc=eu
      password: s3cr3t

# check your configuration with e.g.
# http://keycloak-server/auth/realms/ca3sRealm/.well-known/openid-configuration
  oidc:

    client-id: ca3s
    client-secret: 197bc3b4-64b0-452f-9bdb-fcaea0988e90
    scope: openid, profile
    authorization-grant-type: password

    authorization-uri: http://keycloak.trustable.eu:50080/auth/realms/ca3sRealm/protocol/openid-connect/auth
    user-info-uri: http://keycloak.trustable.eu:50080/auth/realms/ca3sRealm/protocol/openid-connect/userinfo
    token-uri: http://keycloak.trustable.eu:50080/auth/realms/ca3sRealm/protocol/openid-connect/token
    logout: http://keycloak.trustable.eu:50080/auth/realms/ca3sRealm/protocol/openid-connect/logout
    jwk-set-uri: http://keycloak.trustable.eu:50080/auth/realms/ca3sRealm/protocol/openid-connect/certs
    certs-id: vdaec4Br3ZnRFtZN-pimK9v1eGd3gL2MHu8rQ6M5SiE