Changed port to 80 and made the logout work.

Signed-off-by: Dennis Labordus <[email protected]>
Signed-off-by: Rob Tjalma <[email protected]>

Author: Dennis Labordus

README.md

@@ -30,6 +30,9 @@ When interacting with the SCL Data Service, a JWT token needs to have certain ro
 - **A SCL Data Reader**: A user with the role 'Read'. This way, it only has reading access to the SCL Data Service.
   - Username: scl-data-reader
   - Password: reader
+- **A SCD Reader**: A user with the role 'Read' only on the SCD Type.
+  - Username: scd-reader
+  - Password: reader
 
 ## Docker Compose
 There is a pre configured [Docker Compose](docker/docker-compose.yml) file, which starts all the given CoMPAS services.
@@ -42,11 +45,15 @@ To start all configured services, go to the `docker` directory and run the follo
 This first command builds 2 containers (keycloak and reverse proxy) and next command starts all CoMPAS services at the same time.
 Now, the following services are available:
 
-- open-scd, available at [http://localhost:8080/](http://localhost:8080/). **Not fully working yet, can't communicate with Data Service yet.**
-- scl-data-service, available at [http://localhost:8080/compas-scl-data-service](http://localhost:8080/compas-scl-data-service).
+- open-scd, available at [http://localhost/](http://localhost/). **Not fully working yet, can't communicate with Data Service yet.**
+- scl-data-service, available at [http://localhost/compas-scl-data-service](http://localhost/compas-scl-data-service).
 - basex, available at [http://localhost:1984/](http://localhost:1984/)
-    - Added an extra volume (binding) for saving files in directory docker/basex-data.
-- cim-mapping - IEC 61850 mapping, available at [http://localhost:8080/compas-cim-mapping/](http://localhost:8080/compas-cim-mapping/).
-- keycloak, available at [http://localhost:8080/auth/](http://localhost:8080/auth/).
+- cim-mapping - IEC 61850 mapping, available at [http://localhost/compas-cim-mapping/](http://localhost/compas-cim-mapping/).
+- keycloak, available at [http://localhost/auth/](http://localhost/auth/) or direclty if needed [http://localhost:8080/auth/](http://localhost:8080/auth/).
     - Imports the demo configuration.
 - reverse-proxy, OpenResty instance that works as a reverse proxy so all services are available through a single port.
+    - The JWT Access Token is added to the header for all Services, like the SCL Data Service.
+
+To stop and remove all the containers run the command:
+
+`docker-compose down`

docker/docker-compose.yml

@@ -17,23 +17,22 @@ services:
   keycloak:
     build: keycloak
     ports:
-      - "8089:8080"
+      - "8080:8080"
     environment:
-      - KEYCLOAK_FRONTEND_URL=http://localhost:8080/auth/
+      - KEYCLOAK_FRONTEND_URL=http://localhost/auth/
 
   scl-data-service:
     image: "lfenergycompas/compas-scl-data-service:0.3.0"
-    ports:
-      - "9090:8080"
     environment:
       - BASEX_HOST=basex
       - BASEX_PORT=1984
       - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs
-      - JWT_VERIFY_ISSUER=http://localhost:8080/auth/realms/compas
+      - JWT_VERIFY_ISSUER=http://localhost/auth/realms/compas
       - JWT_VERIFY_CLIENT_ID=scl-data-service
       - JWT_GROUPS_PATH=resource_access/scl-data-service/roles
     depends_on:
       - basex
+      - keycloak
 
   cim-mapping:
     image: "lfenergycompas/compas-cim-mapping:0.1.0"
@@ -47,7 +46,7 @@ services:
   reverse-proxy:
     build: reverse-proxy
     ports:
-      - "8080:80"
+      - "80:80"
     depends_on:
       - keycloak
       - scl-data-service

docker/keycloak/keycloak_compas_realm.json

@@ -907,14 +907,14 @@
   }, {
     "id" : "ace17366-e696-4821-9f24-89b797acb736",
     "clientId" : "openscd",
-    "rootUrl" : "http://localhost:8080/",
-    "adminUrl" : "http://localhost:8080/",
+    "rootUrl" : "http://localhost/",
+    "adminUrl" : "http://localhost/",
     "surrogateAuthRequired" : false,
     "enabled" : true,
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
-    "redirectUris" : [ "http://localhost:8080/*" ],
-    "webOrigins" : [ "http://localhost:8080" ],
+    "redirectUris" : [ "http://localhost/*" ],
+    "webOrigins" : [ "http://localhost" ],
     "notBefore" : 0,
     "bearerOnly" : false,
     "consentRequired" : false,
@@ -996,14 +996,14 @@
     "clientId" : "scl-data-service",
     "name" : "SCL Data Service",
     "description" : "The SCL Data Service for storing / retrieving SCLs",
-    "rootUrl" : "http://localhost:9090/",
-    "adminUrl" : "http://localhost:9090/",
+    "rootUrl" : "http://localhost/",
+    "adminUrl" : "http://localhost/",
     "surrogateAuthRequired" : false,
     "enabled" : true,
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
-    "redirectUris" : [ "http://localhost:9090/*" ],
-    "webOrigins" : [ "http://localhost:9090" ],
+    "redirectUris" : [ "http://localhost/*" ],
+    "webOrigins" : [ "http://localhost" ],
     "notBefore" : 0,
     "bearerOnly" : false,
     "consentRequired" : false,

docker/reverse-proxy/Dockerfile

@@ -8,9 +8,6 @@ RUN mkdir /var/log/nginx
 RUN apk add --no-cache openssl-dev
 RUN apk add --no-cache git
 RUN apk add --no-cache gcc
-RUN luarocks install lua-resty-http
-RUN luarocks install lua-resty-session
-RUN luarocks install lua-resty-jwt
 RUN luarocks install lua-resty-openidc
 
 RUN mkdir -p /etc/nginx/include

docker/reverse-proxy/authenticate.include

@@ -5,7 +5,7 @@ access_by_lua_block {
     client_id = "openscd",
     redirect_uri_scheme = "http",
     logout_path = "/logout",
-    redirect_after_logout_uri = "http://keycloak:8080/auth/realms/compas/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%2F",
+    redirect_after_logout_uri = "http://localhost/auth/realms/compas/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%2F",
     redirect_after_logout_with_id_token_hint = false,
     session_contents = {id_token=true, access_token=true},
     renew_access_token_on_expiry = true,