# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
logging:
level:
ROOT: INFO
tech.jhipster: INFO
at.ac.uibk.gitsearch: INFO
management:
metrics:
export:
prometheus:
enabled: false
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
datasource:
type: com.zaxxer.hikari.HikariDataSource
url: jdbc:mysql://sharing_mysql:3306/gitsearch?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
username: root
password:
hikari:
poolName: Hikari
auto-commit: false
data-source-properties:
cachePrepStmts: true
prepStmtCacheSize: 250
prepStmtCacheSqlLimit: 2048
useServerPrepStmts: true
# jpa:
# elasticsearch:
# rest:
# set by spring config
# uris: http://sharing_elasticsearch:9200
# Replace by 'prod, faker' to add the faker context and have sample data loaded in production
liquibase:
contexts: prod
mail:
host: smtp.uibk.ac.at
port: 25
from: artemis-support-informatik@uibk.ac.at
username: ${MAIL_USERNAME}
password: ${MAIL_PASSWORD}
smtp:
auth: true
starttls:
enable: true
required: true
enabled: true
thymeleaf:
cache: true
security:
oauth2:
client:
provider:
oidc:
issuer-uri: https://keycloak.sharing-codeability.uibk.ac.at/auth/realms/gitsearch
gitlabOidc:
issuer-uri: ${SECURITY_OAUTH2_CLIENT_PROVIDER_GITLABOIDC_ISSUERURI}
registration:
oidc:
client-id: myclient
client-secret: 7987e4e6e6d0c5ddb175a043d82c5675b69a2db177c7e815c13ae41515643498
scope: openid
gitlabOidc:
client-id: ${SECURITY_OAUTH2_CLIENT_REGISTRATION_GITLABOIDC_CLIENTID}
client-secret: ${SECURITY_OAUTH2_CLIENT_REGISTRATION_GITLABOIDC_CLIENTSECRET}
scope: api,read_user,read_api,read_repository,write_repository,read_registry,write_registry,sudo,openid,profile,email
# ===================================================================
# To enable TLS in production, generate a certificate using:
# keytool -genkey -alias gitsearch -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
# port: 443
# ssl:
# key-store: classpath:config/tls/keystore.p12
# key-store-password: password
# key-store-type: PKCS12
# key-alias: selfsigned
# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/)
# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# ===================================================================
server:
port: 8080
shutdown: graceful # see https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-graceful-shutdown
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css,application/javascript,application/json,image/svg+xml
min-response-size: 1024
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
http:
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
cache: # Cache configuration
ehcache: # Ehcache configuration
time-to-live-seconds: 3600 # By default objects stay 1 hour in the cache
max-entries: 1000 # Number of objects in each cache entry
security:
content-security-policy: "default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://sharing-codeability.uibk.ac.at;connect-src 'self'; font-src 'self' data:"
oauth2:
audience:
# TODO: audience seems not really relevant, could be omitted? It is identical with client-id above
# - 149276ac11138d9ba72fb3cd12815e3fa2f372866df0eac0f7d1aae5fdffea24
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
# As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
# - In the JHipster Registry (which includes a Spring Cloud Config server)
# - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
# - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
base64-secret: ${JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64SECRET}
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
mail: # specific JHipster mail property, for standard properties see MailProperties
base-url: https://search.sharing-codeability.uibk.ac.at/ # Modify according to your server's URL
from: no-reply@uibk.ac.at
enabled: true
logging:
use-json-format: false # By default, logs are not in Json format
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
audit-events:
retention-period: 30 # Number of days before audit events are deleted.
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================
application:
registeredConnectors:
- url: 'https://artemis.codeability.uibk.ac.at/api/sharing/config'
accessToken: ${CONNECTOR_ARTEMIS_TOKEN}
registeredConnectorsCallBackURL: https://search.sharing-codeability.uibk.ac.at//api
installationName: Sharing Plattform
# applicationName: Sharing Plattform
gitlab:
url: https://sharing-codeability.uibk.ac.at
guestAccessToken: ${APPLICATION_GITLAB_GENERALACCESSTOKEN}
adminAccessToken: ${APPLICATION_GITLAB_ADMINACCESSTOKEN}
oeResource:
oerLink: https://oeresource.logic.at
apiLink: https://oeresource.logic.at/en/meta/api/v1?format=json