NOISSUE - Update docker compose and env file (#171)

* Update docker compose and env Signed-off-by: Arvindh <arvindh91@gmail.com> * add MG_AUTH_URL Signed-off-by: Arvindh <arvindh91@gmail.com> * update smq copy script Signed-off-by: Arvindh <arvindh91@gmail.com> * sync with supermq main Signed-off-by: Arvindh <arvindh91@gmail.com> --------- Signed-off-by: Arvindh <arvindh91@gmail.com>
2026-06-23 06:20:18 +00:00 · 2025-05-23 18:35:17 +05:30
parent e810530cd7
commit effbb7091d
8 changed files with 96 additions and 34 deletions
@@ -252,8 +252,8 @@ endif
 fetch_supermq:
 	@./scripts/supermq.sh

- run:
-	docker compose -f docker/docker-compose.yaml \
+ run: check_certs
+	MG_ADDONS_CERTS_PATH_PREFIX="../." docker compose -f docker/docker-compose.yaml \
 		-f docker/addons/timescale-reader/docker-compose.yaml \
 		-f docker/addons/timescale-writer/docker-compose.yaml \
 		--env-file docker/.env -p $(DOCKER_PROJECT) $(DOCKER_COMPOSE_COMMAND) $(args)
@@ -301,6 +301,7 @@ MG_UI_BACKEND_DB_SSL_KEY=
 MG_UI_BACKEND_DB_SSL_ROOT_CERT=

 ## UI
+MG_AUTH_URL=http://auth:9001
 MG_DOMAINS_URL=http://domains:9003
 MG_USERS_URL=http://users:9002
 MG_CLIENTS_URL=http://clients:9006
@@ -313,24 +314,21 @@ MG_READER_URL=http://timescale-reader:9011
 MG_UI_BACKEND_URL=http://ui-backend:9097
 MG_JOURNAL_URL=http://journal:9021
 MG_BILLING_URL=http://billing:9022
+MG_RE_URL=http://re:9008
+MG_ALARMS_URL=http://alarms:8050
 MG_GOOGLE_CLIENT_ID=
 MG_GOOGLE_CLIENT_SECRET=
 MG_GOOGLE_REDIRECT_URL=http://localhost:3000/oauth/callback/google
 MG_GOOGLE_STATE=pGXVNhEeKfycuBzk5InlSfMlEU9UrhlkTUOSqhsgDzXP2Y4RsN
-MG_UI_NAME="Magistrala UI" # Organization name
 MG_UI_BASE_PATH=/
-NEXT_PUBLIC_MG_UI_BASE_PATH=/
-NEXT_PUBLIC_NEXTAUTH_BASE_PATH=/api/auth
-NEXT_PUBLIC_BACKEND_URL=http://ui-backend:9097
+MG_NEXTAUTH_BASE_PATH=/api/auth
+MG_UI_STRIPE_PK=
+MG_UI_STRIPE_RETURN_URL=http://localhost:3000
 NEXTAUTH_SECRET=4WdW0Z0tAOyQ/ZAI3YLVV/wNu+yUZXBLDDQ3AGrgfJ4=
 NEXTAUTH_URL=http://localhost:3000
-NEXT_PUBLIC_HOST_URL=http://localhost:3000
-MG_PROFILE_PICTURE_URL=http://ui-backend:9097
-MG_RE_URL=http://re:9008
-MG_PROTOCOL="http"
-MG_HOSTNAME="ui-backend"
-MG_PORT="9097"
-MG_PATHNAME="/**"
+MG_HOST_URL=http://localhost:3000
+MG_UI_IMAGE_URL=http://localhost:9097
+MG_UI_BASEURL=http://localhost:3000

 #Customer support email variables
 SUPPORT_EMAIL=
@@ -33,6 +33,7 @@ services:
    networks:
      - magistrala-base-net
    environment:
+      MG_AUTH_URL: ${MG_AUTH_URL}
      MG_DOMAINS_URL: ${MG_DOMAINS_URL}
      MG_USERS_URL: ${MG_USERS_URL}
      MG_CLIENTS_URL: ${MG_CLIENTS_URL}
@@ -46,23 +47,20 @@ services:
      MG_JOURNAL_URL: ${MG_JOURNAL_URL}
      MG_BILLING_URL: ${MG_BILLING_URL}
      MG_RE_URL: ${MG_RE_URL}
-      MG_PROFILE_PICTURE_URL: ${MG_PROFILE_PICTURE_URL}
      MG_GOOGLE_CLIENT_ID: ${MG_GOOGLE_CLIENT_ID}
      MG_GOOGLE_CLIENT_SECRET: ${MG_GOOGLE_CLIENT_SECRET}
      MG_GOOGLE_REDIRECT_URL: ${MG_GOOGLE_REDIRECT_URL}
      MG_GOOGLE_STATE: ${MG_GOOGLE_STATE}
-      MG_UI_NAME: ${MG_UI_NAME}
      MG_UI_BASE_PATH: ${MG_UI_BASE_PATH}
-      NEXT_PUBLIC_MG_UI_BASE_PATH: ${NEXT_PUBLIC_MG_UI_BASE_PATH}
      MG_UI_TYPE: mg
-      NEXT_PUBLIC_BACKEND_URL: ${NEXT_PUBLIC_BACKEND_URL}
+      MG_UI_BASEURL: ${MG_UI_BASEURL}
+      NEXTAUTH_URL: ${NEXTAUTH_URL}
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
+      NEXT_LOG_LEVEL: "debug"
+      MG_HOST_URL: ${MG_HOST_URL}
+      MG_UI_IMAGE_URL: ${MG_UI_IMAGE_URL}
      RUNTIME_ENV: ${RUNTIME_ENV}
      MG_UI_DOCKER_ACCEPT_EULA: ${MG_UI_DOCKER_ACCEPT_EULA}
-      MG_PROTOCOL: ${MG_PROTOCOL}
-      MG_HOSTNAME: ${MG_HOSTNAME}
-      MG_PORT: ${MG_PORT}
-      MG_PATHNAME: ${MG_PATHNAME}

  ui-backend:
    image: ghcr.io/absmach/magistrala/ui-backend:latest
@@ -96,8 +94,18 @@ services:
      MG_UI_VERIFICATION_TLS: ${MG_UI_VERIFICATION_TLS}
      MG_UI_CONTENT_TYPE: ${MG_UI_CONTENT_TYPE}
      MG_READER_URL: ${MG_READER_URL}
-      MG_PROFILE_PICTURE_URL: ${MG_PROFILE_PICTURE_URL}
      MG_UI_DOCKER_ACCEPT_EULA: ${MG_UI_DOCKER_ACCEPT_EULA}
+      MG_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
+      MG_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
+      MG_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
+      MG_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
+      MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
+      MG_TIMESCALE_READER_GRPC_URL: ${MG_TIMESCALE_READER_GRPC_URL}
+      MG_TIMESCALE_READER_GRPC_TIMEOUT: ${MG_TIMESCALE_READER_GRPC_TIMEOUT}
+      MG_TIMESCALE_READER_GRPC_CLIENT_CERT: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+/readers-grpc-client.crt}
+      MG_TIMESCALE_READER_GRPC_CLIENT_KEY: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+/readers-grpc-client.key}
+      MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:+/readers-grpc-server-ca.crt}
+
    depends_on:
      - ui-backend-db
    volumes:
@@ -117,6 +125,38 @@ services:
        target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
        bind:
          create_host_path: true
+      # Channels gRPC client certificates
+      - type: bind
+        source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
+        target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
+        bind:
+          create_host_path: true
+      - type: bind
+        source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
+        target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
+        bind:
+          create_host_path: true
+      - type: bind
+        source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
+        target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
+        bind:
+          create_host_path: true
+      # Reader gRPC client certificates
+      - type: bind
+        source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
+        target: /readers-grpc-client${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+.crt}
+        bind:
+          create_host_path: true
+      - type: bind
+        source: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
+        target: /readers-grpc-client${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+.key}
+        bind:
+          create_host_path: true
+      - type: bind
+        source: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
+        target: /readers-grpc-server-ca${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:+.crt}
+        bind:
+          create_host_path: true

  ui-backend-db:
    image: postgres:16.2-alpine
@@ -21,6 +21,8 @@ envsubst '
    ${SMQ_HTTP_ADAPTER_PORT}
    ${SMQ_NGINX_MQTT_PORT}
    ${SMQ_NGINX_MQTTS_PORT}
+    ${MG_RE_HTTP_PORT}
+    ${MG_ALARMS_HTTP_PORT}
    ${SMQ_WS_ADAPTER_HTTP_PORT}' </etc/nginx/nginx.conf.template >/etc/nginx/nginx.conf

 exec nginx -g "daemon off;"
@@ -93,6 +93,20 @@ http {
            proxy_pass http://channels:${SMQ_CHANNELS_HTTP_PORT};
        }

+        # Proxy pass to rule engine service
+        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(rules)" {
+            include snippets/proxy-headers.conf;
+            add_header Access-Control-Expose-Headers Location;
+            proxy_pass http://re:${MG_RE_HTTP_PORT};
+        }
+
+        # Proxy pass to rule engine service
+        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(alarms)" {
+            include snippets/proxy-headers.conf;
+            add_header Access-Control-Expose-Headers Location;
+            proxy_pass http://alarms:${MG_ALARMS_HTTP_PORT};
+        }
+
        location /health {
            include snippets/proxy-headers.conf;
            proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT};
@@ -1,7 +1,7 @@
 # Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0

-# This is the Magistrala NGINX configuration for mututal authentication based on X.509 certifiactes.
+# This is the default Magistrala NGINX configuration for mutual authentication based on X.509 certificate.

 user nginx;
 worker_processes auto;
@@ -48,7 +48,7 @@ http {
        listen [::]:443 ssl default_server;
        http2 on;

-        set $dynamic_server_name "$MG_NGINX_SERVER_NAME";
+        set $dynamic_server_name "$SMQ_NGINX_SERVER_NAME";

        if ($dynamic_server_name = '') {
            set $dynamic_server_name "localhost";
@@ -75,7 +75,7 @@ http {
        }

        # Proxy pass to users service
-        location ~ ^/(users|groups|password|authorize|oauth/callback/[^/]+) {
+        location ~ ^/(users|password|authorize|oauth/callback/[^/]+) {
            include snippets/proxy-headers.conf;
            add_header Access-Control-Expose-Headers Location;
            proxy_pass http://users:${SMQ_USERS_HTTP_PORT};
@@ -102,11 +102,18 @@ http {
            proxy_pass http://channels:${SMQ_CHANNELS_HTTP_PORT};
        }

-        # Proxy pass to invitations service
-        location ~ ^/(invitations) {
+        # Proxy pass to rule engine service
+        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(rules)" {
            include snippets/proxy-headers.conf;
            add_header Access-Control-Expose-Headers Location;
-            proxy_pass http://invitations:${SMQ_INVITATIONS_HTTP_PORT};
+            proxy_pass http://re:${MG_RE_HTTP_PORT};
+        }
+
+        # Proxy pass to rule engine service
+        location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(alarms)" {
+            include snippets/proxy-headers.conf;
+            add_header Access-Control-Expose-Headers Location;
+            proxy_pass http://alarms:${MG_ALARMS_HTTP_PORT};
        }

        location /health {
@@ -176,4 +183,4 @@ stream {
    }
 }

-error_log  info.log info;
+error_log info.log info;
@@ -105,7 +105,7 @@ SMQ_AUTH_ADAPTER_INSTANCE_ID=
 SMQ_AUTH_CACHE_URL=redis://auth-redis:${SMQ_REDIS_TCP_PORT}/0
 SMQ_AUTH_CACHE_KEY_DURATION=10m

-#### Client Callout
+#### Client Callout 
 SMQ_CLIENTS_CALLOUT_URLS=""
 SMQ_CLIENTS_CALLOUT_METHOD="POST"
 SMQ_CLIENTS_CALLOUT_TLS_VERIFICATION="false"
@@ -115,7 +115,7 @@ SMQ_CLIENTS_CALLOUT_CERT=""
 SMQ_CLIENTS_CALLOUT_KEY=""
 SMQ_CLIENTS_CALLOUT_OPERATIONS=""

-#### Channel Callout
+#### Channel Callout 
 SMQ_CHANNELS_CALLOUT_URLS=""
 SMQ_CHANNELS_CALLOUT_METHOD="POST"
 SMQ_CHANNELS_CALLOUT_TLS_VERIFICATION="false"
@@ -125,7 +125,7 @@ SMQ_CHANNELS_CALLOUT_CERT=""
 SMQ_CHANNELS_CALLOUT_KEY=""
 SMQ_CHANNELS_CALLOUT_OPERATIONS=""

-#### Group Callout
+#### Group Callout 
 SMQ_GROUPS_CALLOUT_URLS=""
 SMQ_GROUPS_CALLOUT_METHOD="POST"
 SMQ_GROUPS_CALLOUT_TLS_VERIFICATION="false"
@@ -135,7 +135,7 @@ SMQ_GROUPS_CALLOUT_CERT=""
 SMQ_GROUPS_CALLOUT_KEY=""
 SMQ_GROUPS_CALLOUT_OPERATIONS=""

-#### Domain Callout
+#### Domain Callout 
 SMQ_DOMAINS_CALLOUT_URLS=""
 SMQ_DOMAINS_CALLOUT_METHOD="POST"
 SMQ_DOMAINS_CALLOUT_TLS_VERIFICATION="false"
@@ -26,6 +26,7 @@ fi
 cleanup() {
    rm -rf "$TEMP_DIR"
 }
+cleanup
 trap cleanup EXIT

 git clone --depth 1 --filter=blob:none --sparse "$REPO_URL"
@@ -36,6 +37,6 @@ if [ -d "$DEST_DIR" ]; then
    rm -r "$DEST_DIR"
 fi
 mkdir -p "$DEST_DIR"
-mv -f "$DOCKER_DIR"/{*,.*} "$DEST_DIR"
+mv -f "$DOCKER_DIR"/.??* "$DOCKER_DIR"/* "$DEST_DIR"/
 cd ..
 rm -rf "$TEMP_DIR"