Instruction
Build on Java 11
Build proto before other modules
1. Run auth app
No dependencies
2. Run app1
No dependencies
3. Run app2
Requires redis and mongo
3.1 Run the following docker containers
docker run --name mongo -p 27017:27017 -d mongo
docker run --name redis -p 6379:6379 -d redis
3.2 Create capped "user" collection
db.createCollection("logs", {capped: true, size: 4096, max:5})
4. Run web (nginx)
Web is an Nginx HTTP server providing:
- Caching of static content
- Authorization (list of API and roles) using JWT tokens
- Reverse proxy
4.1 Build nginx config
To simplify configuration, there is a Python script that creates nginx.conf.
The Nginx config requires authorization mapping data (role to URL mapping). This mapping is defined in *.yml files (one file per application/domain name).
Mapping configuration *.yml
subdomain-env: app1.local.com
static-root: /static/app1
api:
  - context-path: /api
    upstream-name: app1
    upstream-url: host.docker.internal:8091
    locations:
      - url: /test1/{id}
        roles: ['TEST_ROLE']
      - url: /test2
        roles: ['TEST_ROLE']
      - url: /test3
        roles: ['TEST_ROLE']
      - url: /test4
        roles: ['TEST_ROLE']
      - url: /test5
        roles: ['TEST_ROLE']
      - url: /test6
        roles: ['TEST_ROLE']
  - context-path: /api/auth
    upstream-name: authapp
    upstream-url: host.docker.internal:8090
    locations:
      - url: /oauth/token
        security: none
docker run --name ng -p8080:8080 ng
Explanation by line
subdomain-env: app1.local.com
Application domain name. Nginx uses this domain name to resolve the application and redirect to the proper endpoint.
static-root: /static/app1
Static files location (All *.html, *.css, *.js and images)
- context-path: /api
Nginx resolves the upstream endpoint by context path. This way we can hide the auth application behind the app1 domain name.
upstream-name: app1
Application upstream id.
upstream-url: host.docker.internal:8091
Application upstream url ("host.docker.internal" refers to docker parent host)
locations:
  - url: /test1/{id}
    roles: ['TEST_ROLE']
Authorization mapping of role to URL (/test1/... is available to the TEST_ROLE role)
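
How a mapping like this becomes an allow/deny decision, as an added example that is not the project's config-generator script. It assumes default deny for unlisted paths, that `{id}` matches exactly one path segment, and that `security: none` skips the role check; `authorize` and `template_to_regex` are hypothetical names, and the mapping is embedded as the Python data the *.yml file would load to.

```python
import re

# Constructed sample: a shortened copy of the mapping on this page, as the
# Python data a YAML loader would return for the *.yml file.
MAPPING = {
    "subdomain-env": "app1.local.com",
    "static-root": "/static/app1",
    "api": [
        {"context-path": "/api", "upstream-name": "app1",
         "upstream-url": "host.docker.internal:8091",
         "locations": [{"url": "/test1/{id}", "roles": ["TEST_ROLE"]},
                       {"url": "/test2", "roles": ["TEST_ROLE"]}]},
        {"context-path": "/api/auth", "upstream-name": "authapp",
         "upstream-url": "host.docker.internal:8090",
         "locations": [{"url": "/oauth/token", "security": "none"}]},
    ],
}


def template_to_regex(context_path, url):
    """Build an anchored regex; each {name} matches one path segment (assumption)."""
    parts = re.split(r"(\{[^/{}]+\})", context_path + url)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "$")


def authorize(mapping, host, path, roles):
    """Return (allowed, upstream_name); anything not listed is denied (assumption)."""
    if host != mapping["subdomain-env"]:
        return (False, None)
    # Check the longest context path first so /api/auth is tried before /api.
    for api in sorted(mapping["api"], key=lambda a: -len(a["context-path"])):
        for loc in api.get("locations", []):
            if not template_to_regex(api["context-path"], loc["url"]).match(path):
                continue
            if loc.get("security") == "none":
                return (True, api["upstream-name"])  # public endpoint, no role check
            allowed = bool(set(loc.get("roles", [])) & set(roles))
            return (allowed, api["upstream-name"])
    return (False, None)


if __name__ == "__main__":
    print(authorize(MAPPING, "app1.local.com", "/api/test1/1", ["TEST_ROLE"]))
    print(authorize(MAPPING, "app1.local.com", "/api/test1/1/extra", ["TEST_ROLE"]))
```
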
Build config
Requires docker:
cd /nginx/config
docker build -t cg .
docker run --rm cg
Manually copy the file content into the nginx.conf file and place it into /nginx/web
4.2 Run Nginx
After nginx.conf is ready
cd /nginx/web
docker build --no-cache -t ng .
docker run --rm -p8080:8080 --name ng ng
Other
Generate RSA keys
Asymmetric keys generation:
keytool -genkeypair -alias jwt -keyalg RSA -keypass 123456 -keystore jwt.jks -storepass 123456
Test endpoints
Refer to controllers inside app1 and app2
Direct example
http://localhost:8091/test1/1
http://localhost:8092/test1/1
Through nginx example
header: Authorization: Basic [access token]
http://app1.local.com:8080/api/test1/1
http://app2.local.com:8080/api/test1/1
Authentication
Directly to auth app
POST /oauth/token?grant_type=password&client_id=browser&client_secret=asdf HTTP/1.1
Host: localhost:8090
Cache-Control: no-cache
Postman-Token: b37c7d50-e9e3-2863-59a7-51e0a07c88cf
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="username"

login
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="password"

password
------WebKitFormBoundary7MA4YWxkTrZu0gW--
Through Nginx
POST /api/auth/oauth/token?grant_type=password&client_id=browser&client_secret=asdf HTTP/1.1
Host: app1.local.com:8080
Cache-Control: no-cache
Postman-Token: b37c7d50-e9e3-2863-59a7-51e0a07c88cf
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="username"

login
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="password"

password
------WebKitFormBoundary7MA4YWxkTrZu0gW--