From 27c3f4d136c00397d0526145aec57551bf5f68f9 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 13 Apr 2026 22:51:33 +0200
Subject: [PATCH] refactor: prefix all third-party service names with cameleer-
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Rename all Docker Compose service names, DNS hostnames, volumes, and Traefik labels to use the cameleer- prefix for clear ownership.

Services renamed:
- postgres → cameleer-postgres
- clickhouse → cameleer-clickhouse
- logto → cameleer-logto
- traefik → cameleer-traefik

Volumes renamed:
- pgdata → cameleer-pgdata
- chdata → cameleer-chdata
- certs → cameleer-certs
- bootstrapdata → cameleer-bootstrapdata

Updated across:
- docker-compose.yml, docker-compose.dev.yml
- installer/cameleer/docker-compose.yml
- installer/install.sh, installer/install.ps1
- application.yml defaults
- DockerTenantProvisioner.java hardcoded URL
- logto-bootstrap.sh defaults
- VendorTenantServiceTest.java
- CLAUDE.md, docs/architecture.md, docs/user-manual.md

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 CLAUDE.md | 4 +-
 docker-compose.dev.yml | 6 +-
 docker-compose.yml | 76 ++++-----
 docker/logto-bootstrap.sh | 6 +-
 docs/architecture.md | 14 +-
 docs/user-manual.md | 2 +-
 installer/cameleer/docker-compose.yml | 158 ++++++++++++++++++
 installer/install.ps1 | 94 +++++------
 installer/install.sh | 134 +++++++--------
 .../provisioning/DockerTenantProvisioner.java | 2 +-
 src/main/resources/application.yml | 10 +-
 .../saas/vendor/VendorTenantServiceTest.java | 2 +-
 12 files changed, 333 insertions(+), 175 deletions(-)
 create mode 100644 installer/cameleer/docker-compose.yml

diff --git a/CLAUDE.md b/CLAUDE.md
index 68f5fd9..827fdec 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -178,7 +178,7 @@ These env vars are injected into provisioned per-tenant server containers:
 | Env var | Value | Purpose |
 |---------|-------|---------|
 | `CAMELEER_SERVER_SECURITY_OIDCISSUERURI` | `${PUBLIC_PROTOCOL}://${PUBLIC_HOST}/oidc` | Token issuer claim validation |
-| `CAMELEER_SERVER_SECURITY_OIDCJWKSETURI` | `http://logto:3001/oidc/jwks` | Docker-internal JWK fetch |
+| `CAMELEER_SERVER_SECURITY_OIDCJWKSETURI` | `http://cameleer-logto:3001/oidc/jwks` | Docker-internal JWK fetch |
 | `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY` | `true` (conditional) | Skip cert verify for OIDC discovery; only set when no `/certs/ca.pem` exists. When ca.pem exists, the server's `docker-entrypoint.sh` imports it into the JVM truststore instead. |
 | `CAMELEER_SERVER_SECURITY_OIDCAUDIENCE` | `https://api.cameleer.local` | JWT audience validation for OIDC tokens |
 | `CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS` | `${PUBLIC_PROTOCOL}://${PUBLIC_HOST}` | Allow browser requests through Traefik |
@@ -358,7 +358,7 @@ PostgreSQL (Flyway): `src/main/resources/db/migration/`
 # GitNexus — Code Intelligence
-This project is indexed by GitNexus as **cameleer-saas** (2675 symbols, 5767 relationships, 224 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+This project is indexed by GitNexus as **cameleer-saas** (2676 symbols, 5768 relationships, 224 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
 > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 289da37..4c729ad 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -1,11 +1,11 @@ # Development overrides: exposes ports for direct access # Usage: docker compose -f docker-compose.yml -f docker-compose.dev.yml up services: - postgres: + cameleer-postgres: ports: - "5432:5432" - logto: + cameleer-logto: ports: - "3001:3001" @@ -31,6 +31,6 @@ services: CAMELEER_SAAS_PROVISIONING_NETWORKNAME: cameleer-saas_cameleer CAMELEER_SAAS_PROVISIONING_TRAEFIKNETWORK: cameleer-traefik - clickhouse: + cameleer-clickhouse: ports: - "8123:8123" diff --git a/docker-compose.yml b/docker-compose.yml index aa78878..38a83e8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,5 @@ services: - traefik: + cameleer-traefik: image: ${TRAEFIK_IMAGE:-gitea.siegeln.net/cameleer/cameleer-traefik}:${VERSION:-latest} restart: unless-stopped ports: @@ -12,13 +12,13 @@ services: KEY_FILE: ${KEY_FILE:-} CA_FILE: ${CA_FILE:-} volumes: - - certs:/certs + - cameleer-certs:/certs - /var/run/docker.sock:/var/run/docker.sock:ro networks: - cameleer - cameleer-traefik - postgres: + cameleer-postgres: image: ${POSTGRES_IMAGE:-gitea.siegeln.net/cameleer/cameleer-postgres}:${VERSION:-latest} restart: unless-stopped environment: @@ -26,7 +26,7 @@ services: POSTGRES_USER: ${POSTGRES_USER:-cameleer} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} volumes: - - pgdata:/var/lib/postgresql/data + - cameleer-pgdata:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-cameleer} -d ${POSTGRES_DB:-cameleer_saas}"] interval: 5s @@ -35,13 +35,13 @@ services: networks: - cameleer - clickhouse: + cameleer-clickhouse: image: ${CLICKHOUSE_IMAGE:-gitea.siegeln.net/cameleer/cameleer-clickhouse}:${VERSION:-latest} restart: unless-stopped environment: CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-cameleer_ch} volumes: - - chdata:/var/lib/clickhouse + - cameleer-chdata:/var/lib/clickhouse healthcheck: test: ["CMD-SHELL", "clickhouse-client --password ${CLICKHOUSE_PASSWORD:-cameleer_ch} --query 'SELECT 1'"] interval: 10s 
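Review bot: The renames in docker-compose.yml leave existing deployments without an upgrade path that this patch shows: the service keys change from the `@@ -1,5` hunk onward, and the volume references change from `- certs:/certs` to `- cameleer-certs:/certs` in `@@ -12,13` (likewise `pgdata`, `chdata`, `bootstrapdata`, and the top-level `volumes:` keys in the last hunk of the file). Unless the installer stops them first (not visible here), the old `traefik`, `postgres`, `clickhouse` and `logto` containers become orphans on the next `docker compose up`, with the old `traefik` still holding the published ports, and the renamed volumes are created empty, so the databases start without their data and the Logto bootstrap presumably runs again with whatever admin credentials the environment supplies. The installer's upgrade text (context of the `@@ -1379,9` hunk in install.ps1) still says data volumes are preserved. One way to keep the data is to pin each volume to its old name, e.g. `name: ${COMPOSE_PROJECT_NAME:-cameleer-saas}_pgdata` under `cameleer-pgdata:`, and to have the installer run `docker compose up -d --remove-orphans`; the same renames recur in installer/install.ps1 and installer/install.sh.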
@@ -54,24 +54,24 @@ services: networks: - cameleer - logto: + cameleer-logto: image: ${LOGTO_IMAGE:-gitea.siegeln.net/cameleer/cameleer-logto}:${VERSION:-latest} restart: unless-stopped depends_on: - postgres: + cameleer-postgres: condition: service_healthy environment: - DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@postgres:5432/logto + DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@cameleer-postgres:5432/logto ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} ADMIN_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002} TRUST_PROXY_HEADER: 1 NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}" - LOGTO_ENDPOINT: http://logto:3001 - LOGTO_ADMIN_ENDPOINT: http://logto:3002 + LOGTO_ENDPOINT: http://cameleer-logto:3001 + LOGTO_ADMIN_ENDPOINT: http://cameleer-logto:3002 LOGTO_PUBLIC_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} PUBLIC_HOST: ${PUBLIC_HOST:-localhost} PUBLIC_PROTOCOL: ${PUBLIC_PROTOCOL:-https} - PG_HOST: postgres + PG_HOST: cameleer-postgres PG_USER: ${POSTGRES_USER:-cameleer} PG_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} PG_DB_SAAS: ${POSTGRES_DB:-cameleer_saas} 
@@ -85,24 +85,24 @@ services: start_period: 30s labels: - traefik.enable=true - - traefik.http.routers.logto.rule=PathPrefix(`/`) - - traefik.http.routers.logto.priority=1 - - traefik.http.routers.logto.entrypoints=websecure - - traefik.http.routers.logto.tls=true - - traefik.http.routers.logto.service=logto - - traefik.http.routers.logto.middlewares=logto-cors - - "traefik.http.middlewares.logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" - - traefik.http.middlewares.logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS - - traefik.http.middlewares.logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type - - traefik.http.middlewares.logto-cors.headers.accessControlAllowCredentials=true - - traefik.http.services.logto.loadbalancer.server.port=3001 - - traefik.http.routers.logto-console.rule=PathPrefix(`/`) - - traefik.http.routers.logto-console.entrypoints=admin-console - - traefik.http.routers.logto-console.tls=true - - traefik.http.routers.logto-console.service=logto-console - - traefik.http.services.logto-console.loadbalancer.server.port=3002 + - traefik.http.routers.cameleer-logto.rule=PathPrefix(`/`) + - traefik.http.routers.cameleer-logto.priority=1 + - traefik.http.routers.cameleer-logto.entrypoints=websecure + - traefik.http.routers.cameleer-logto.tls=true + - traefik.http.routers.cameleer-logto.service=cameleer-logto + - traefik.http.routers.cameleer-logto.middlewares=cameleer-logto-cors + - "traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type + - 
traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowCredentials=true + - traefik.http.services.cameleer-logto.loadbalancer.server.port=3001 + - traefik.http.routers.cameleer-logto-console.rule=PathPrefix(`/`) + - traefik.http.routers.cameleer-logto-console.entrypoints=admin-console + - traefik.http.routers.cameleer-logto-console.tls=true + - traefik.http.routers.cameleer-logto-console.service=cameleer-logto-console + - traefik.http.services.cameleer-logto-console.loadbalancer.server.port=3002 volumes: - - bootstrapdata:/data + - cameleer-bootstrapdata:/data networks: - cameleer @@ -110,19 +110,19 @@ services: image: ${CAMELEER_IMAGE:-gitea.siegeln.net/cameleer/cameleer-saas}:${VERSION:-latest} restart: unless-stopped depends_on: - logto: + cameleer-logto: condition: service_healthy volumes: - - bootstrapdata:/data/bootstrap:ro - - certs:/certs + - cameleer-bootstrapdata:/data/bootstrap:ro + - cameleer-certs:/certs - /var/run/docker.sock:/var/run/docker.sock environment: # SaaS database - SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-cameleer_saas} + SPRING_DATASOURCE_URL: jdbc:postgresql://cameleer-postgres:5432/${POSTGRES_DB:-cameleer_saas} SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} # Identity (Logto) - CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: ${LOGTO_ENDPOINT:-http://logto:3001} + CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: ${LOGTO_ENDPOINT:-http://cameleer-logto:3001} CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} CAMELEER_SAAS_IDENTITY_M2MCLIENTID: ${LOGTO_M2M_CLIENT_ID:-} CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET: ${LOGTO_M2M_CLIENT_SECRET:-} @@ -151,7 +151,7 @@ networks: driver: bridge volumes: - pgdata: - chdata: - certs: - bootstrapdata: + cameleer-pgdata: + cameleer-chdata: + cameleer-certs: + cameleer-bootstrapdata: 
diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh
index d636baa..78aa7ee 100644
--- a/docker/logto-bootstrap.sh
+++ b/docker/logto-bootstrap.sh
@@ -7,12 +7,12 @@ set -e
 # Configures cameleer3-server OIDC.
 # Idempotent: checks existence before creating.
-LOGTO_ENDPOINT="${LOGTO_ENDPOINT:-http://logto:3001}"
-LOGTO_ADMIN_ENDPOINT="${LOGTO_ADMIN_ENDPOINT:-http://logto:3002}"
+LOGTO_ENDPOINT="${LOGTO_ENDPOINT:-http://cameleer-logto:3001}"
+LOGTO_ADMIN_ENDPOINT="${LOGTO_ADMIN_ENDPOINT:-http://cameleer-logto:3002}"
 LOGTO_PUBLIC_ENDPOINT="${LOGTO_PUBLIC_ENDPOINT:-http://localhost:3001}"
 MGMT_API_RESOURCE="https://default.logto.app/api"
 BOOTSTRAP_FILE="/data/logto-bootstrap.json"
-PG_HOST="${PG_HOST:-postgres}"
+PG_HOST="${PG_HOST:-cameleer-postgres}"
 PG_USER="${PG_USER:-cameleer}"
 PG_DB_LOGTO="logto"
 PG_DB_SAAS="${PG_DB_SAAS:-cameleer_saas}"
diff --git a/docs/architecture.md b/docs/architecture.md
index c6ed50d..60b0cef 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -858,7 +858,7 @@ state (`currentTenantId`). Provides `logout` and `signIn` callbacks.
 | Variable | Default | Description |
 |------------------------------|----------------------------------------------|----------------------------------|
-| `SPRING_DATASOURCE_URL` | `jdbc:postgresql://postgres:5432/cameleer_saas` | PostgreSQL JDBC URL |
+| `SPRING_DATASOURCE_URL` | `jdbc:postgresql://cameleer-postgres:5432/cameleer_saas` | PostgreSQL JDBC URL |
 | `SPRING_DATASOURCE_USERNAME`| `cameleer` | PostgreSQL user |
 | `SPRING_DATASOURCE_PASSWORD`| `cameleer_dev` | PostgreSQL password |
@@ -882,8 +882,8 @@ state (`currentTenantId`). Provides `logout` and `signIn` callbacks.
 | `CAMELEER_SAAS_PROVISIONING_TRAEFIKNETWORK` | `cameleer-traefik` | Traefik Docker network |
 | `CAMELEER_SAAS_PROVISIONING_PUBLICHOST` | `localhost` | Public hostname (same as infrastructure `PUBLIC_HOST`) |
 | `CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL` | `https` | Public protocol (same as infrastructure `PUBLIC_PROTOCOL`) |
-| `CAMELEER_SAAS_PROVISIONING_DATASOURCEURL` | `jdbc:postgresql://postgres:5432/cameleer3` | PostgreSQL URL passed to tenant servers |
-| `CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL` | `jdbc:clickhouse://clickhouse:8123/cameleer` | ClickHouse URL passed to tenant servers |
+| `CAMELEER_SAAS_PROVISIONING_DATASOURCEURL` | `jdbc:postgresql://cameleer-postgres:5432/cameleer3` | PostgreSQL URL passed to tenant servers |
+| `CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL` | `jdbc:clickhouse://cameleer-clickhouse:8123/cameleer` | ClickHouse URL passed to tenant servers |
 ### 10.2 cameleer3-server (per-tenant)
@@ -891,15 +891,15 @@ Env vars injected into provisioned per-tenant server containers by `DockerTenant
 | Variable | Default / Value | Description |
 |------------------------------|----------------------------------------------|----------------------------------|
-| `SPRING_DATASOURCE_URL` | `jdbc:postgresql://postgres:5432/cameleer3` | PostgreSQL JDBC URL |
+| `SPRING_DATASOURCE_URL` | `jdbc:postgresql://cameleer-postgres:5432/cameleer3` | PostgreSQL JDBC URL |
 | `SPRING_DATASOURCE_USERNAME`| `cameleer` | PostgreSQL user |
 | `SPRING_DATASOURCE_PASSWORD`| `cameleer_dev` | PostgreSQL password |
-| `CAMELEER_SERVER_CLICKHOUSE_URL` | `jdbc:clickhouse://clickhouse:8123/cameleer` | ClickHouse JDBC URL |
+| `CAMELEER_SERVER_CLICKHOUSE_URL` | `jdbc:clickhouse://cameleer-clickhouse:8123/cameleer` | ClickHouse JDBC URL |
 | `CAMELEER_SERVER_TENANT_ID` | *(tenant slug)* | Tenant identifier for data isolation |
 | `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` | *(generated)* | Agent bootstrap token |
 | `CAMELEER_SERVER_SECURITY_JWTSECRET` | *(generated)* | JWT signing secret |
 | `CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI` | `${PUBLIC_PROTOCOL}://${PUBLIC_HOST}/oidc` | OIDC issuer for M2M tokens |
-| `CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI` | `http://logto:3001/oidc/jwks` | Docker-internal JWK fetch |
+| `CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI` | `http://cameleer-logto:3001/oidc/jwks` | Docker-internal JWK fetch |
 | `CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE` | `https://api.cameleer.local` | JWT audience validation |
 | `CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS` | `${PUBLIC_PROTOCOL}://${PUBLIC_HOST}` | CORS for browser requests |
 | `CAMELEER_SERVER_RUNTIME_ENABLED` | `true` | Enable Docker orchestration |
@@ -957,7 +957,7 @@ The bootstrap script writes `/data/logto-bootstrap.json` containing:
 "bootstrapToken": "",
 "platformAdminUser": "",
 "tenantAdminUser": "",
- "oidcIssuerUri": "http://logto:3001/oidc",
+ "oidcIssuerUri": "http://cameleer-logto:3001/oidc",
 "oidcAudience": "https://api.cameleer.local"
 }
 ```
diff --git a/docs/user-manual.md b/docs/user-manual.md
index 0d2cdfd..61e5722 100644
--- a/docs/user-manual.md
+++ b/docs/user-manual.md
@@ -435,7 +435,7 @@ Copy `.env.example` to `.env` and configure as needed:
 | `POSTGRES_USER` | PostgreSQL username | `cameleer` |
 | `POSTGRES_PASSWORD` | PostgreSQL password | `change_me_in_production` |
 | `POSTGRES_DB` | PostgreSQL database name | `cameleer_saas` |
-| `CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT` | Internal Logto URL (container-to-container) | `http://logto:3001` |
+| `CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT` | Internal Logto URL (container-to-container) | `http://cameleer-logto:3001` |
 | `CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT` | Public-facing Logto URL | `http://localhost:3001` |
 | `CAMELEER_SAAS_IDENTITY_M2MCLIENTID` | Machine-to-machine client ID (auto-set by bootstrap) | _(empty)_ |
 | `CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET` | Machine-to-machine client secret (auto-set by bootstrap) | _(empty)_ |
diff --git a/installer/cameleer/docker-compose.yml b/installer/cameleer/docker-compose.yml
new file mode 100644
index 0000000..d94610d
--- /dev/null
+++ b/installer/cameleer/docker-compose.yml
@@ -0,0 +1,158 @@
+# Cameleer SaaS Platform
+# Generated by Cameleer installer — do not edit manually
+
+services:
+ cameleer-traefik:
+ image: ${TRAEFIK_IMAGE:-gitea.siegeln.net/cameleer/cameleer-traefik}:${VERSION:-latest}
+ restart: unless-stopped
+ ports:
+ - "${HTTP_PORT:-80}:80"
+ - "${HTTPS_PORT:-443}:443"
+ - "${LOGTO_CONSOLE_PORT:-3002}:3002"
+ environment:
+ PUBLIC_HOST: ${PUBLIC_HOST:-localhost}
+ CERT_FILE: ${CERT_FILE:-}
+ KEY_FILE: ${KEY_FILE:-}
+ CA_FILE: ${CA_FILE:-}
+ volumes:
+ - cameleer-certs:/certs
+ - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock:ro
+ networks:
+ - cameleer
+ - cameleer-traefik
+
+ cameleer-postgres:
+ image: ${POSTGRES_IMAGE:-gitea.siegeln.net/cameleer/cameleer-postgres}:${VERSION:-latest}
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: cameleer_saas
+ POSTGRES_USER: ${POSTGRES_USER:-cameleer}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ volumes:
+ - cameleer-pgdata:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER:-cameleer} -d cameleer_saas"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ networks:
+ - cameleer
+
+ cameleer-clickhouse:
+ image: ${CLICKHOUSE_IMAGE:-gitea.siegeln.net/cameleer/cameleer-clickhouse}:${VERSION:-latest}
+ restart: unless-stopped
+ environment:
+ CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD}
+ volumes:
+ - cameleer-chdata:/var/lib/clickhouse
+ healthcheck:
+ test: ["CMD-SHELL", "clickhouse-client --password $${CLICKHOUSE_PASSWORD} --query 'SELECT 1'"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ networks:
+ - cameleer
+
+ cameleer-logto:
+ image: ${LOGTO_IMAGE:-gitea.siegeln.net/cameleer/cameleer-logto}:${VERSION:-latest}
+ restart: unless-stopped
+ depends_on:
+ cameleer-postgres:
+ condition: service_healthy
+ environment:
+ DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD}@cameleer-postgres:5432/logto
+ ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}
+ ADMIN_ENDPOINT:
${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}
+ TRUST_PROXY_HEADER: 1
+ NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}"
+ LOGTO_ENDPOINT: http://cameleer-logto:3001
+ LOGTO_ADMIN_ENDPOINT: http://cameleer-logto:3002
+ LOGTO_PUBLIC_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}
+ PUBLIC_HOST: ${PUBLIC_HOST:-localhost}
+ PUBLIC_PROTOCOL: ${PUBLIC_PROTOCOL:-https}
+ PG_HOST: cameleer-postgres
+ PG_USER: ${POSTGRES_USER:-cameleer}
+ PG_PASSWORD: ${POSTGRES_PASSWORD}
+ PG_DB_SAAS: cameleer_saas
+ SAAS_ADMIN_USER: ${SAAS_ADMIN_USER:-admin}
+ SAAS_ADMIN_PASS: ${SAAS_ADMIN_PASS:-admin}
+ healthcheck:
+ test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\" && test -f /data/logto-bootstrap.json"]
+ interval: 10s
+ timeout: 5s
+ retries: 60
+ start_period: 30s
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.cameleer-logto.rule=PathPrefix(`/`)
+ - traefik.http.routers.cameleer-logto.priority=1
+ - traefik.http.routers.cameleer-logto.entrypoints=websecure
+ - traefik.http.routers.cameleer-logto.tls=true
+ - traefik.http.routers.cameleer-logto.service=cameleer-logto
+ - traefik.http.routers.cameleer-logto.middlewares=cameleer-logto-cors
+ - "traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}"
+ - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS
+ - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type
+ - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowCredentials=true
+ - traefik.http.services.cameleer-logto.loadbalancer.server.port=3001
+ - traefik.http.routers.cameleer-logto-console.rule=PathPrefix(`/`)
+ -
traefik.http.routers.cameleer-logto-console.entrypoints=admin-console
+ - traefik.http.routers.cameleer-logto-console.tls=true
+ - traefik.http.routers.cameleer-logto-console.service=cameleer-logto-console
+ - traefik.http.services.cameleer-logto-console.loadbalancer.server.port=3002
+ volumes:
+ - cameleer-bootstrapdata:/data
+ networks:
+ - cameleer
+
+ cameleer-saas:
+ image: ${CAMELEER_IMAGE:-gitea.siegeln.net/cameleer/cameleer-saas}:${VERSION:-latest}
+ restart: unless-stopped
+ depends_on:
+ cameleer-logto:
+ condition: service_healthy
+ environment:
+ # SaaS database
+ SPRING_DATASOURCE_URL: jdbc:postgresql://cameleer-postgres:5432/cameleer_saas
+ SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer}
+ SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD}
+ # Identity (Logto)
+ CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: http://cameleer-logto:3001
+ CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}
+ # Provisioning — passed to per-tenant server containers
+ CAMELEER_SAAS_PROVISIONING_PUBLICHOST: ${PUBLIC_HOST:-localhost}
+ CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL: ${PUBLIC_PROTOCOL:-https}
+ CAMELEER_SAAS_PROVISIONING_NETWORKNAME: ${COMPOSE_PROJECT_NAME:-cameleer-saas}_cameleer
+ CAMELEER_SAAS_PROVISIONING_TRAEFIKNETWORK: cameleer-traefik
+ CAMELEER_SAAS_PROVISIONING_DATASOURCEUSERNAME: ${POSTGRES_USER:-cameleer}
+ CAMELEER_SAAS_PROVISIONING_DATASOURCEPASSWORD: ${POSTGRES_PASSWORD}
+ CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD: ${CLICKHOUSE_PASSWORD}
+ CAMELEER_SAAS_PROVISIONING_SERVERIMAGE: ${CAMELEER_SAAS_PROVISIONING_SERVERIMAGE:-gitea.siegeln.net/cameleer/cameleer3-server:latest}
+ CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE: ${CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE:-gitea.siegeln.net/cameleer/cameleer3-server-ui:latest}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.saas.rule=PathPrefix(`/platform`)
+ - traefik.http.routers.saas.entrypoints=websecure
+ - traefik.http.routers.saas.tls=true
+ -
traefik.http.services.saas.loadbalancer.server.port=8080 + volumes: + - cameleer-bootstrapdata:/data/bootstrap:ro + - cameleer-certs:/certs + - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock + networks: + - cameleer + group_add: + - "1001" + +volumes: + cameleer-pgdata: + cameleer-chdata: + cameleer-certs: + cameleer-bootstrapdata: + +networks: + cameleer: + driver: bridge + cameleer-traefik: + name: cameleer-traefik + driver: bridge diff --git a/installer/install.ps1 b/installer/install.ps1 index 0e5c16d..f34a8b3 100644 --- a/installer/install.ps1 +++ b/installer/install.ps1 @@ -763,7 +763,7 @@ function New-ComposeFile { # Generated by Cameleer installer — do not edit manually services: - traefik: + cameleer-traefik: image: ${TRAEFIK_IMAGE:-gitea.siegeln.net/cameleer/cameleer-traefik}:${VERSION:-latest} restart: unless-stopped ports: @@ -786,7 +786,7 @@ services: KEY_FILE: ${KEY_FILE:-} CA_FILE: ${CA_FILE:-} volumes: - - certs:/certs + - cameleer-certs:/certs - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock:ro '@ @@ -817,7 +817,7 @@ services: # --- postgres service --- Append-LFFile $f @' - postgres: + cameleer-postgres: image: ${POSTGRES_IMAGE:-gitea.siegeln.net/cameleer/cameleer-postgres}:${VERSION:-latest} restart: unless-stopped environment: @@ -825,7 +825,7 @@ services: POSTGRES_USER: ${POSTGRES_USER:-cameleer} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} volumes: - - pgdata:/var/lib/postgresql/data + - cameleer-pgdata:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER:-cameleer} -d cameleer_saas"] interval: 5s 
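Review bot: The new installer/cameleer/docker-compose.yml falls back to weak values when `.env` is incomplete: `SAAS_ADMIN_PASS: ${SAAS_ADMIN_PASS:-admin}` gives an admin/admin login, and `NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}"` disables certificate verification in the Logto container by default. `POSTGRES_PASSWORD` and `CLICKHOUSE_PASSWORD` in the same file have no fallback, so the admin password can follow suit and fail closed, e.g. `SAAS_ADMIN_PASS: ${SAAS_ADMIN_PASS:?set SAAS_ADMIN_PASS in .env}`. For TLS, `"${NODE_TLS_REJECT:-1}"` would make verification the default and leave `0` as an explicit opt-in that the installer writes for self-signed setups. The file's header says it is generated by the installer, so the change would belong in the install.sh and install.ps1 templates as well; the root docker-compose.yml carries the same `NODE_TLS_REJECT:-0` line as unchanged context.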
@@ -842,13 +842,13 @@ services: # --- clickhouse service --- Append-LFFile $f @' - clickhouse: + cameleer-clickhouse: image: ${CLICKHOUSE_IMAGE:-gitea.siegeln.net/cameleer/cameleer-clickhouse}:${VERSION:-latest} restart: unless-stopped environment: CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD} volumes: - - chdata:/var/lib/clickhouse + - cameleer-chdata:/var/lib/clickhouse healthcheck: test: ["CMD-SHELL", "clickhouse-client --password $${CLICKHOUSE_PASSWORD} --query 'SELECT 1'"] interval: 10s @@ -871,24 +871,24 @@ services: # --- logto service --- Append-LFFile $f @' - logto: + cameleer-logto: image: ${LOGTO_IMAGE:-gitea.siegeln.net/cameleer/cameleer-logto}:${VERSION:-latest} restart: unless-stopped depends_on: - postgres: + cameleer-postgres: condition: service_healthy environment: - DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD}@postgres:5432/logto + DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD}@cameleer-postgres:5432/logto ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} ADMIN_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002} TRUST_PROXY_HEADER: 1 NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}" - LOGTO_ENDPOINT: http://logto:3001 - LOGTO_ADMIN_ENDPOINT: http://logto:3002 + LOGTO_ENDPOINT: http://cameleer-logto:3001 + LOGTO_ADMIN_ENDPOINT: http://cameleer-logto:3002 LOGTO_PUBLIC_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} PUBLIC_HOST: ${PUBLIC_HOST:-localhost} PUBLIC_PROTOCOL: ${PUBLIC_PROTOCOL:-https} - PG_HOST: postgres + PG_HOST: cameleer-postgres PG_USER: ${POSTGRES_USER:-cameleer} PG_PASSWORD: ${POSTGRES_PASSWORD} PG_DB_SAAS: cameleer_saas 
@@ -905,33 +905,33 @@ services: start_period: 30s labels: - traefik.enable=true - - traefik.http.routers.logto.rule=PathPrefix(`/`) - - traefik.http.routers.logto.priority=1 - - traefik.http.routers.logto.entrypoints=websecure - - traefik.http.routers.logto.tls=true - - traefik.http.routers.logto.service=logto - - traefik.http.routers.logto.middlewares=logto-cors - - "traefik.http.middlewares.logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" - - traefik.http.middlewares.logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS - - traefik.http.middlewares.logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type - - traefik.http.middlewares.logto-cors.headers.accessControlAllowCredentials=true - - traefik.http.services.logto.loadbalancer.server.port=3001 + - traefik.http.routers.cameleer-logto.rule=PathPrefix(`/`) + - traefik.http.routers.cameleer-logto.priority=1 + - traefik.http.routers.cameleer-logto.entrypoints=websecure + - traefik.http.routers.cameleer-logto.tls=true + - traefik.http.routers.cameleer-logto.service=cameleer-logto + - traefik.http.routers.cameleer-logto.middlewares=cameleer-logto-cors + - "traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowCredentials=true + - traefik.http.services.cameleer-logto.loadbalancer.server.port=3001 '@ # Conditional: Logto console router labels if ($script:CFG_LOGTO_CONSOLE_EXPOSED -eq 'true') { Append-LFFile $f @' - - traefik.http.routers.logto-console.rule=PathPrefix(`/`) - - 
traefik.http.routers.logto-console.entrypoints=admin-console - - traefik.http.routers.logto-console.tls=true - - traefik.http.routers.logto-console.service=logto-console - - traefik.http.services.logto-console.loadbalancer.server.port=3002 + - traefik.http.routers.cameleer-logto-console.rule=PathPrefix(`/`) + - traefik.http.routers.cameleer-logto-console.entrypoints=admin-console + - traefik.http.routers.cameleer-logto-console.tls=true + - traefik.http.routers.cameleer-logto-console.service=cameleer-logto-console + - traefik.http.services.cameleer-logto-console.loadbalancer.server.port=3002 '@ } Append-LFFile $f @' volumes: - - bootstrapdata:/data + - cameleer-bootstrapdata:/data networks: - cameleer @@ -939,13 +939,13 @@ services: image: ${CAMELEER_IMAGE:-gitea.siegeln.net/cameleer/cameleer-saas}:${VERSION:-latest} restart: unless-stopped depends_on: - logto: + cameleer-logto: condition: service_healthy environment: - SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/cameleer_saas + SPRING_DATASOURCE_URL: jdbc:postgresql://cameleer-postgres:5432/cameleer_saas SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD} - CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: http://logto:3001 + CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: http://cameleer-logto:3001 CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL: ${PUBLIC_PROTOCOL:-https} CAMELEER_SAAS_PROVISIONING_PUBLICHOST: ${PUBLIC_HOST:-localhost} @@ -972,8 +972,8 @@ services: Append-LFFile $f @' volumes: - - bootstrapdata:/data/bootstrap:ro - - certs:/certs + - cameleer-bootstrapdata:/data/bootstrap:ro + - cameleer-certs:/certs - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock networks: - cameleer 
@@ -988,10 +988,10 @@ services: - "0" volumes: - pgdata: - chdata: - certs: - bootstrapdata: + cameleer-pgdata: + cameleer-chdata: + cameleer-certs: + cameleer-bootstrapdata: networks: cameleer: @@ -1349,19 +1349,19 @@ The platform generated a self-signed certificate on first boot. To replace it: | Docker Volume | Contains | |---|---| -| \`pgdata\` | PostgreSQL data (tenants, licenses, audit) | -| \`chdata\` | ClickHouse data (traces, metrics, logs) | -| \`certs\` | TLS certificates | -| \`bootstrapdata\` | Logto bootstrap results | +| \`cameleer-pgdata\` | PostgreSQL data (tenants, licenses, audit) | +| \`cameleer-chdata\` | ClickHouse data (traces, metrics, logs) | +| \`cameleer-certs\` | TLS certificates | +| \`cameleer-bootstrapdata\` | Logto bootstrap results | ### Backup Commands \`\`\`bash # PostgreSQL -docker compose -p ${proj} exec postgres pg_dump -U cameleer cameleer_saas > backup.sql +docker compose -p ${proj} exec cameleer-postgres pg_dump -U cameleer cameleer_saas > backup.sql # ClickHouse -docker compose -p ${proj} exec clickhouse clickhouse-client --query "SELECT * FROM cameleer.traces FORMAT Native" > traces.native +docker compose -p ${proj} exec cameleer-clickhouse clickhouse-client --query "SELECT * FROM cameleer.traces FORMAT Native" > traces.native \`\`\` ## Upgrading 
@@ -1379,9 +1379,9 @@ The installer preserves your \`.env\`, credentials, and data volumes. Only the c | Issue | Command | |---|---| | Service not starting | \`docker compose -p ${proj} logs SERVICE_NAME\` | -| Bootstrap failed | \`docker compose -p ${proj} logs logto\` | -| Routing issues | \`docker compose -p ${proj} logs traefik\` | -| Database issues | \`docker compose -p ${proj} exec postgres psql -U cameleer -d cameleer_saas\` | +| Bootstrap failed | \`docker compose -p ${proj} logs cameleer-logto\` | +| Routing issues | \`docker compose -p ${proj} logs cameleer-traefik\` | +| Database issues | \`docker compose -p ${proj} exec cameleer-postgres psql -U cameleer -d cameleer_saas\` | ## Uninstalling diff --git a/installer/install.sh b/installer/install.sh index b78b6ed..ac01f88 100644 --- a/installer/install.sh +++ b/installer/install.sh @@ -688,7 +688,7 @@ generate_compose_file() { # Generated by Cameleer installer � do not edit manually services: - traefik: + cameleer-traefik: image: ${TRAEFIK_IMAGE:-gitea.siegeln.net/cameleer/cameleer-traefik}:${VERSION:-latest} restart: unless-stopped ports: @@ -709,7 +709,7 @@ EOF KEY_FILE: ${KEY_FILE:-} CA_FILE: ${CA_FILE:-} volumes: - - certs:/certs + - cameleer-certs:/certs - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock:ro EOF @@ -737,7 +737,7 @@ EOF cat >> "$f" << 'EOF' - postgres: + cameleer-postgres: image: ${POSTGRES_IMAGE:-gitea.siegeln.net/cameleer/cameleer-postgres}:${VERSION:-latest} restart: unless-stopped environment: @@ -745,7 +745,7 @@ EOF POSTGRES_USER: ${POSTGRES_USER:-cameleer} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} volumes: - - pgdata:/var/lib/postgresql/data + - cameleer-pgdata:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER:-cameleer} -d cameleer_saas"] interval: 5s 
@@ -761,13 +761,13 @@ EOF cat >> "$f" << 'EOF' - clickhouse: + cameleer-clickhouse: image: ${CLICKHOUSE_IMAGE:-gitea.siegeln.net/cameleer/cameleer-clickhouse}:${VERSION:-latest} restart: unless-stopped environment: CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD} volumes: - - chdata:/var/lib/clickhouse + - cameleer-chdata:/var/lib/clickhouse healthcheck: test: ["CMD-SHELL", "clickhouse-client --password $${CLICKHOUSE_PASSWORD} --query 'SELECT 1'"] interval: 10s @@ -789,24 +789,24 @@ EOF cat >> "$f" << 'EOF' - logto: + cameleer-logto: image: ${LOGTO_IMAGE:-gitea.siegeln.net/cameleer/cameleer-logto}:${VERSION:-latest} restart: unless-stopped depends_on: - postgres: + cameleer-postgres: condition: service_healthy environment: - DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD}@postgres:5432/logto + DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD}@cameleer-postgres:5432/logto ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} ADMIN_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002} TRUST_PROXY_HEADER: 1 NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}" - LOGTO_ENDPOINT: http://logto:3001 - LOGTO_ADMIN_ENDPOINT: http://logto:3002 + LOGTO_ENDPOINT: http://cameleer-logto:3001 + LOGTO_ADMIN_ENDPOINT: http://cameleer-logto:3002 LOGTO_PUBLIC_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} PUBLIC_HOST: ${PUBLIC_HOST:-localhost} PUBLIC_PROTOCOL: ${PUBLIC_PROTOCOL:-https} - PG_HOST: postgres + PG_HOST: cameleer-postgres PG_USER: ${POSTGRES_USER:-cameleer} PG_PASSWORD: ${POSTGRES_PASSWORD} PG_DB_SAAS: cameleer_saas 
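Review bot: The ClickHouse healthcheck in the `@@ -761,13 +761,13 @@` hunk expands `$${CLICKHOUSE_PASSWORD}` unquoted inside a `CMD-SHELL` string, so a password containing whitespace or shell metacharacters is word-split or interpreted by the shell and the check fails or runs something other than intended. Quoting the expansion fixes that: `test: ["CMD-SHELL", "clickhouse-client --password \"$${CLICKHOUSE_PASSWORD}\" --query 'SELECT 1'"]`. The password is also passed as a command-line argument, so it is visible in the container's process list while the check runs. The `@@ -1001,13 +1001,13 @@` hunk has the identical line.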
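Review bot: In the `@@ -789,24 +789,24 @@` hunk, `NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}"` turns off certificate verification for every outbound TLS connection of the Logto process whenever `NODE_TLS_REJECT` is unset. That makes the insecure setting the default for an identity provider rather than an explicit opt-in. I would flip the fallback, `NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-1}"`, and have the installer write `NODE_TLS_REJECT=0` only for the self-signed case; whether it already sets the variable elsewhere cannot be seen from this hunk. The heredoc this line belongs to starts outside the hunk.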
@@ -820,32 +820,32 @@ EOF start_period: 30s labels: - traefik.enable=true - - traefik.http.routers.logto.rule=PathPrefix(`/`) - - traefik.http.routers.logto.priority=1 - - traefik.http.routers.logto.entrypoints=websecure - - traefik.http.routers.logto.tls=true - - traefik.http.routers.logto.service=logto - - traefik.http.routers.logto.middlewares=logto-cors - - "traefik.http.middlewares.logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" - - traefik.http.middlewares.logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS - - traefik.http.middlewares.logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type - - traefik.http.middlewares.logto-cors.headers.accessControlAllowCredentials=true - - traefik.http.services.logto.loadbalancer.server.port=3001 + - traefik.http.routers.cameleer-logto.rule=PathPrefix(`/`) + - traefik.http.routers.cameleer-logto.priority=1 + - traefik.http.routers.cameleer-logto.entrypoints=websecure + - traefik.http.routers.cameleer-logto.tls=true + - traefik.http.routers.cameleer-logto.service=cameleer-logto + - traefik.http.routers.cameleer-logto.middlewares=cameleer-logto-cors + - "traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type + - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowCredentials=true + - traefik.http.services.cameleer-logto.loadbalancer.server.port=3001 EOF if [ "$LOGTO_CONSOLE_EXPOSED" = "true" ]; then cat >> "$f" << 'EOF' - - traefik.http.routers.logto-console.rule=PathPrefix(`/`) - - traefik.http.routers.logto-console.entrypoints=admin-console - - 
traefik.http.routers.logto-console.tls=true - - traefik.http.routers.logto-console.service=logto-console - - traefik.http.services.logto-console.loadbalancer.server.port=3002 + - traefik.http.routers.cameleer-logto-console.rule=PathPrefix(`/`) + - traefik.http.routers.cameleer-logto-console.entrypoints=admin-console + - traefik.http.routers.cameleer-logto-console.tls=true + - traefik.http.routers.cameleer-logto-console.service=cameleer-logto-console + - traefik.http.services.cameleer-logto-console.loadbalancer.server.port=3002 EOF fi cat >> "$f" << 'EOF' volumes: - - bootstrapdata:/data + - cameleer-bootstrapdata:/data networks: - cameleer @@ -853,15 +853,15 @@ EOF image: ${CAMELEER_IMAGE:-gitea.siegeln.net/cameleer/cameleer-saas}:${VERSION:-latest} restart: unless-stopped depends_on: - logto: + cameleer-logto: condition: service_healthy environment: # SaaS database - SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/cameleer_saas + SPRING_DATASOURCE_URL: jdbc:postgresql://cameleer-postgres:5432/cameleer_saas SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD} # Identity (Logto) - CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: http://logto:3001 + CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: http://cameleer-logto:3001 CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} # Provisioning — passed to per-tenant server containers CAMELEER_SAAS_PROVISIONING_PUBLICHOST: ${PUBLIC_HOST:-localhost} @@ -891,8 +891,8 @@ EOF cat >> "$f" << 'EOF' volumes: - - bootstrapdata:/data/bootstrap:ro - - certs:/certs + - cameleer-bootstrapdata:/data/bootstrap:ro + - cameleer-certs:/certs - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock networks: - cameleer @@ -912,10 +912,10 @@ EOF volumes: EOF cat >> "$f" << 'EOF' - pgdata: - chdata: - certs: - bootstrapdata: + cameleer-pgdata: + cameleer-chdata: + cameleer-certs: + cameleer-bootstrapdata: networks: cameleer: 
@@ -944,7 +944,7 @@ generate_compose_file_standalone() { # Generated by Cameleer installer — do not edit manually services: - traefik: + cameleer-traefik: image: ${TRAEFIK_IMAGE:-gitea.siegeln.net/cameleer/cameleer-traefik}:${VERSION:-latest} restart: unless-stopped ports: @@ -956,7 +956,7 @@ services: KEY_FILE: ${KEY_FILE:-} CA_FILE: ${CA_FILE:-} volumes: - - certs:/certs + - cameleer-certs:/certs - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock:ro - ./traefik-dynamic.yml:/etc/traefik/dynamic.yml:ro COMPOSEEOF @@ -977,7 +977,7 @@ COMPOSEEOF cat >> "$f" << 'COMPOSEEOF' - postgres: + cameleer-postgres: image: postgres:16-alpine restart: unless-stopped environment: @@ -985,7 +985,7 @@ COMPOSEEOF POSTGRES_USER: ${POSTGRES_USER:-cameleer} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} volumes: - - pgdata:/var/lib/postgresql/data + - cameleer-pgdata:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER:-cameleer} -d $${POSTGRES_DB:-cameleer3}"] interval: 5s @@ -1001,13 +1001,13 @@ COMPOSEEOF cat >> "$f" << 'COMPOSEEOF' - clickhouse: + cameleer-clickhouse: image: ${CLICKHOUSE_IMAGE:-gitea.siegeln.net/cameleer/cameleer-clickhouse}:${VERSION:-latest} restart: unless-stopped environment: CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD} volumes: - - chdata:/var/lib/clickhouse + - cameleer-chdata:/var/lib/clickhouse healthcheck: test: ["CMD-SHELL", "clickhouse-client --password $${CLICKHOUSE_PASSWORD} --query 'SELECT 1'"] interval: 10s 
@@ -1032,14 +1032,14 @@ COMPOSEEOF container_name: cameleer-server restart: unless-stopped depends_on: - postgres: + cameleer-postgres: condition: service_healthy environment: CAMELEER_SERVER_TENANT_ID: default - SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/\${POSTGRES_DB:-cameleer3}?currentSchema=tenant_default + SPRING_DATASOURCE_URL: jdbc:postgresql://cameleer-postgres:5432/\${POSTGRES_DB:-cameleer3}?currentSchema=tenant_default SPRING_DATASOURCE_USERNAME: \${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: \${POSTGRES_PASSWORD} - CAMELEER_SERVER_CLICKHOUSE_URL: jdbc:clickhouse://clickhouse:8123/cameleer + CAMELEER_SERVER_CLICKHOUSE_URL: jdbc:clickhouse://cameleer-clickhouse:8123/cameleer CAMELEER_SERVER_CLICKHOUSE_USERNAME: default CAMELEER_SERVER_CLICKHOUSE_PASSWORD: \${CLICKHOUSE_PASSWORD} CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN: \${BOOTSTRAP_TOKEN} @@ -1069,7 +1069,7 @@ COMPOSEEOF start_period: 30s volumes: - jars:/data/jars - - certs:/certs:ro + - cameleer-certs:/certs:ro - \${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock group_add: - "${docker_gid}" @@ -1102,9 +1102,9 @@ COMPOSEEOF cat >> "$f" << 'COMPOSEEOF' volumes: - pgdata: - chdata: - certs: + cameleer-pgdata: + cameleer-chdata: + cameleer-certs: jars: networks: 
@@ -1425,19 +1425,19 @@ EOF | Docker Volume | Contains | |---|---| -| \`pgdata\` | PostgreSQL data (tenants, licenses, audit) | -| \`chdata\` | ClickHouse data (traces, metrics, logs) | -| \`certs\` | TLS certificates | -| \`bootstrapdata\` | Logto bootstrap results | +| \`cameleer-pgdata\` | PostgreSQL data (tenants, licenses, audit) | +| \`cameleer-chdata\` | ClickHouse data (traces, metrics, logs) | +| \`cameleer-certs\` | TLS certificates | +| \`cameleer-bootstrapdata\` | Logto bootstrap results | ### Backup Commands \`\`\`bash # PostgreSQL -docker compose -p ${COMPOSE_PROJECT} exec postgres pg_dump -U cameleer cameleer_saas > backup.sql +docker compose -p ${COMPOSE_PROJECT} exec cameleer-postgres pg_dump -U cameleer cameleer_saas > backup.sql # ClickHouse -docker compose -p ${COMPOSE_PROJECT} exec clickhouse clickhouse-client --query "SELECT * FROM cameleer.traces FORMAT Native" > traces.native +docker compose -p ${COMPOSE_PROJECT} exec cameleer-clickhouse clickhouse-client --query "SELECT * FROM cameleer.traces FORMAT Native" > traces.native \`\`\` ## Upgrading @@ -1455,9 +1455,9 @@ The installer preserves your \`.env\`, credentials, and data volumes. Only the c | Issue | Command | |---|---| | Service not starting | \`docker compose -p ${COMPOSE_PROJECT} logs SERVICE_NAME\` | -| Bootstrap failed | \`docker compose -p ${COMPOSE_PROJECT} logs logto\` | -| Routing issues | \`docker compose -p ${COMPOSE_PROJECT} logs traefik\` | -| Database issues | \`docker compose -p ${COMPOSE_PROJECT} exec postgres psql -U cameleer -d cameleer_saas\` | +| Bootstrap failed | \`docker compose -p ${COMPOSE_PROJECT} logs cameleer-logto\` | +| Routing issues | \`docker compose -p ${COMPOSE_PROJECT} logs cameleer-traefik\` | +| Database issues | \`docker compose -p ${COMPOSE_PROJECT} exec cameleer-postgres psql -U cameleer -d cameleer_saas\` | ## Uninstalling 
@@ -1556,19 +1556,19 @@ EOF | Docker Volume | Contains | |---|---| -| \`pgdata\` | PostgreSQL data (server config, routes, deployments) | -| \`chdata\` | ClickHouse data (traces, metrics, logs) | -| \`certs\` | TLS certificates | +| \`cameleer-pgdata\` | PostgreSQL data (server config, routes, deployments) | +| \`cameleer-chdata\` | ClickHouse data (traces, metrics, logs) | +| \`cameleer-certs\` | TLS certificates | | \`jars\` | Uploaded application JARs | ### Backup Commands \`\`\`bash # PostgreSQL -docker compose -p ${COMPOSE_PROJECT} exec postgres pg_dump -U cameleer cameleer3 > backup.sql +docker compose -p ${COMPOSE_PROJECT} exec cameleer-postgres pg_dump -U cameleer cameleer3 > backup.sql # ClickHouse -docker compose -p ${COMPOSE_PROJECT} exec clickhouse clickhouse-client --query "SELECT * FROM cameleer.traces FORMAT Native" > traces.native +docker compose -p ${COMPOSE_PROJECT} exec cameleer-clickhouse clickhouse-client --query "SELECT * FROM cameleer.traces FORMAT Native" > traces.native \`\`\` ## Upgrading @@ -1587,8 +1587,8 @@ The installer preserves your \`.env\`, credentials, and data volumes. Only the c |---|---| | Service not starting | \`docker compose -p ${COMPOSE_PROJECT} logs SERVICE_NAME\` | | Server issues | \`docker compose -p ${COMPOSE_PROJECT} logs server\` | -| Routing issues | \`docker compose -p ${COMPOSE_PROJECT} logs traefik\` | -| Database issues | \`docker compose -p ${COMPOSE_PROJECT} exec postgres psql -U cameleer -d cameleer3\` | +| Routing issues | \`docker compose -p ${COMPOSE_PROJECT} logs cameleer-traefik\` | +| Database issues | \`docker compose -p ${COMPOSE_PROJECT} exec cameleer-postgres psql -U cameleer -d cameleer3\` | ## Uninstalling diff --git a/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java b/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java index 1c3a2ff..d0c0695 100644 
--- a/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java +++ b/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java @@ -198,7 +198,7 @@ public class DockerTenantProvisioner implements TenantProvisioner { "SPRING_DATASOURCE_URL=" + props.datasourceUrl(), "SPRING_DATASOURCE_USERNAME=" + props.datasourceUsername(), "SPRING_DATASOURCE_PASSWORD=" + props.datasourcePassword(), - "CAMELEER_SERVER_CLICKHOUSE_URL=jdbc:clickhouse://clickhouse:8123/cameleer", + "CAMELEER_SERVER_CLICKHOUSE_URL=jdbc:clickhouse://cameleer-clickhouse:8123/cameleer", "CAMELEER_SERVER_CLICKHOUSE_USERNAME=" + props.clickhouseUser(), "CAMELEER_SERVER_CLICKHOUSE_PASSWORD=" + props.clickhousePassword(), "CAMELEER_SERVER_TENANT_ID=" + slug, diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ec10bdb..3cdd8d9 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -6,7 +6,7 @@ spring: application: name: cameleer-saas datasource: - url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://postgres:5432/cameleer_saas} + url: ${SPRING_DATASOURCE_URL:jdbc:postgresql://cameleer-postgres:5432/cameleer_saas} username: ${SPRING_DATASOURCE_USERNAME:cameleer} password: ${SPRING_DATASOURCE_PASSWORD:cameleer_dev} jpa: @@ -21,7 +21,7 @@ spring: resourceserver: jwt: issuer-uri: ${cameleer.saas.provisioning.publicprotocol:https}://${cameleer.saas.provisioning.publichost:localhost}/oidc - jwk-set-uri: ${cameleer.saas.identity.logtoendpoint:http://logto:3001}/oidc/jwks + jwk-set-uri: ${cameleer.saas.identity.logtoendpoint:http://cameleer-logto:3001}/oidc/jwks management: endpoints: 
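Review bot: The ClickHouse JDBC URL passed to tenant containers is a string literal here, while the neighbouring entries come from `props`, and `application.yml` in this same commit defines a configurable `clickhouseurl` under `cameleer.saas.provisioning`. As far as this hunk shows, an operator who overrides `CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL` would still get `cameleer-clickhouse:8123` injected into tenants, and the next rename needs another code change. If the properties object exposes that value, read it here instead of the literal; otherwise add a comment such as `// must match the ClickHouse service name in the generated compose file`. The enclosing method starts and ends outside the hunk.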
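Review bot: In the `@@ -6,7 +6,7 @@` hunk of `application.yml`, `password: ${SPRING_DATASOURCE_PASSWORD:cameleer_dev}` falls back to a fixed password that is published in the repository when the variable is unset, so a misconfigured deployment starts with guessable database credentials instead of failing. The `@@ -49,14 +49,14 @@` hunk has the same pattern for `datasourcepassword` (`cameleer_dev`) and `clickhousepassword` (`cameleer_ch`). I would drop the fallback in the main file, `password: ${SPRING_DATASOURCE_PASSWORD}`, and keep the dev values in a dev-only profile if local runs need them.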
@@ -49,14 +49,14 @@ cameleer: traefiknetwork: ${CAMELEER_SAAS_PROVISIONING_TRAEFIKNETWORK:cameleer-traefik} publichost: ${CAMELEER_SAAS_PROVISIONING_PUBLICHOST:localhost} publicprotocol: ${CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL:https} - datasourceurl: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEURL:jdbc:postgresql://postgres:5432/cameleer3} + datasourceurl: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEURL:jdbc:postgresql://cameleer-postgres:5432/cameleer3} datasourceusername: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEUSERNAME:${POSTGRES_USER:cameleer}} datasourcepassword: ${CAMELEER_SAAS_PROVISIONING_DATASOURCEPASSWORD:${POSTGRES_PASSWORD:cameleer_dev}} - clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://clickhouse:8123/cameleer} + clickhouseurl: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL:jdbc:clickhouse://cameleer-clickhouse:8123/cameleer} clickhouseuser: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEUSER:default} clickhousepassword: ${CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD:${CLICKHOUSE_PASSWORD:cameleer_ch}} oidcissueruri: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost}/oidc - oidcjwkseturi: http://logto:3001/oidc/jwks + oidcjwkseturi: http://cameleer-logto:3001/oidc/jwks corsorigins: ${cameleer.saas.provisioning.publicprotocol}://${cameleer.saas.provisioning.publichost} certs: path: ${CAMELEER_SAAS_CERTS_PATH:/certs} diff --git a/src/test/java/net/siegeln/cameleer/saas/vendor/VendorTenantServiceTest.java b/src/test/java/net/siegeln/cameleer/saas/vendor/VendorTenantServiceTest.java index e5f3293..ba15a32 100644 --- a/src/test/java/net/siegeln/cameleer/saas/vendor/VendorTenantServiceTest.java +++ b/src/test/java/net/siegeln/cameleer/saas/vendor/VendorTenantServiceTest.java 
@@ -73,7 +73,7 @@ class VendorTenantServiceTest { "img", "uiimg", "net", "traefik", "localhost", "https", "jdbc:postgresql://pg:5432/db", "cameleer", "cameleer_dev", "jdbc:clickhouse://ch:8123/cameleer", "default", "cameleer_ch", - "https://localhost/oidc", "http://logto:3001/oidc/jwks", "https://localhost"); + "https://localhost/oidc", "http://cameleer-logto:3001/oidc/jwks", "https://localhost"); vendorTenantService = new VendorTenantService( tenantService, tenantRepository, licenseService, tenantProvisioner, serverApiClient, logtoClient, logtoConfig,