From 834683fa7011a24ddeb95a5e6051fb16c15876fd Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Thu, 29 Jan 2026 09:55:46 +0000 Subject: [PATCH 01/41] Split .env into scoped env files, begin refactoring services to set appropriate settings directly --- AllInOne/creds.env | 11 ++++ AllInOne/docker-compose.yml | 48 ++++++++++------- AllInOne/{.env => internal.env} | 93 +++++++++------------------------ AllInOne/routes.env | 34 ++++++++++++ AllInOne/user.env | 28 ++++++++++ 5 files changed, 128 insertions(+), 86 deletions(-) create mode 100644 AllInOne/creds.env rename AllInOne/{.env => internal.env} (61%) create mode 100644 AllInOne/routes.env create mode 100644 AllInOne/user.env diff --git a/AllInOne/creds.env b/AllInOne/creds.env new file mode 100644 index 0000000..41fc3a1 --- /dev/null +++ b/AllInOne/creds.env @@ -0,0 +1,11 @@ +PGLOGIN=admin +PGPASSWORD=admin + +TRE_DATA_USER=admin +TRE_DATA_PASSWORD=admin + +MinioRootUser=minio +MinioRootPass=minio123 + +TreMinioAdminUser=minio +TreMinioAdminPassword=minio123 diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index a90686f..e36ff4d 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -1,3 +1,10 @@ +x-environment: &environment + env_file: + - creds.env + - internal.env + - routes.env + - user.env + name: AllInOne services: @@ -6,6 +13,7 @@ services: ###################################################### tre-ui: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-tre-ui:${dareVer} container_name: treUI restart: always @@ -16,28 +24,11 @@ services: depends_on: - tre-api environment: - - TreAPISettings__InternalApiBaseUrl=http://treAPI:8080 - - TreAPISettings__PublicApiBaseUrl=http://localhost:8072 - - Serilog__SeqServerUrl=http://seq:5341 - - DemoMode=${DemoMode} - - KeyCloakDemoMode=${KeyCloakDemoMode} - - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} - - TreKeyCloakSettings__ClientId=${TreKeyCloakClientId} - - TreKeyCloakSettings__ClientSecret=${TreKeyCloakSecret} - - TreKeyCloakSettings__ValidAudiences=${TreValidAudiences} - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - sslcookies=${sslcookies} - - httpsRedirect=${httpsRedirect} - - TreKeyCloakSettings__AccountManagementURL=${TreAccountManagementURLUI} - - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakTokenExpredAddressUI} - - TreKeyCloakSettings__UseRedirectURL=${TreKeyCloakUseRedirect} - - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRediretURL} tre-api: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-tre-api:${dareVer} container_name: treapi restart: always @@ -161,6 +152,7 @@ services: ###################################################### DataEgressUI: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-egress-ui:${dareVer} container_name: DataEgressUI restart: always @@ -192,6 +184,7 @@ services: - httpsRedirect=${httpsRedirect} DataEgressAPI: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-egress-api:${dareVer} container_name: DataEgressAPI restart: always @@ -249,6 +242,7 @@ services: ###################################################### submissionUI: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-main-ui:${dareVer} container_name: submissionUI restart: always @@ -287,6 +281,7 @@ services: - httpsRedirect=${httpsRedirect} submissionAPI: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-main-api:${dareVer} container_name: submissionAPI restart: always @@ -349,6 +344,7 @@ services: # Credentials ##################################################### TRE-Camunda: + <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-tre-camunda:${dareVer} container_name: TRE-Camunda restart: always @@ -397,6 +393,7 @@ services: # Keycloak ###################################################### keycloak: + <<: *environment image: quay.io/keycloak/keycloak:26.0 container_name: keycloak environment: @@ -444,6 +441,7 @@ services: # POSTGRES ###################################################### postgresql: + <<: *environment image: postgres:17 container_name: postgres restart: always @@ -462,6 +460,7 @@ services: test: ["CMD-SHELL", "pg_isready -q -U ${PGLOGIN} -d keycloak"] adminer: + <<: *environment image: adminer restart: always networks: @@ -486,6 +485,7 @@ services: ###################################################### rabbitmq: + <<: *environment image: rabbitmq:3-management-alpine container_name: "rabbitmq" hostname: rabbitmq @@ -507,6 +507,7 @@ services: # MINIO ###################################################### minioSubmission: + <<: *environment image: coollabsio/minio:RELEASE.2025-04-22T22-12-26Z container_name: minioSubmission restart: always @@ -544,6 +545,7 @@ services: start_period: 30s minioTRE: + <<: *environment image: coollabsio/minio:RELEASE.2025-04-22T22-12-26Z mem_limit: 512M mem_reservation: 256M @@ -585,6 +587,7 @@ services: # SEQ / Serilog ###################################################### seq: + <<: *environment image: datalust/seq:2025.1.14095 container_name: seq restart: always @@ -602,6 +605,7 @@ services: ###################################################### orchestration: # Consolidated Zeebe + Operate + Tasklist - https://docs.camunda.io/docs/self-managed/setup/deploy/other/docker/#zeebe + <<: *environment image: camunda/camunda:${CAMUNDA_VERSION} container_name: orchestration ports: @@ -635,6 +639,7 @@ services: # Camunda Connectors - executes outbound and inbound connector logic # Docs: https://docs.camunda.io/docs/self-managed/connectors-deployment/connectors-configuration/ connectors: + <<: *environment image: camunda/connectors-bundle:${CAMUNDA_BUNDLE_VERSION} container_name: connectors ports: @@ -663,6 +668,7 @@ services: condition: service_healthy elasticsearch: # https://hub.docker.com/_/elasticsearch + <<: *environment image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} container_name: elasticsearch ports: @@ -696,6 +702,7 @@ services: # VAULT ###################################################### vault: + <<: *environment image: hashicorp/vault:latest container_name: vault mem_limit: 512M @@ -728,6 +735,7 @@ services: # OPENLDAP ###################################################### openldap: + <<: *environment image: osixia/openldap:1.5.0 container_name: openldap environment: @@ -764,6 +772,7 @@ services: ## Ldap initialisation to create Users OU ## ldap-init: + <<: *environment image: osixia/openldap:1.5.0 networks: - sub-net @@ -782,6 +791,7 @@ services: - ./ldap-init/init.ldif:/container/service/slapd/assets/init.ldif phpldapadmin: + <<: *environment image: osixia/phpldapadmin:latest container_name: phpldapadmin networks: @@ -874,4 +884,4 @@ configs: type: elasticsearch elasticsearch: cluster-name: elasticsearch - url: "http://elasticsearch:9200" \ No newline at end of file + url: "http://elasticsearch:9200" diff --git a/AllInOne/.env b/AllInOne/internal.env similarity index 61% rename from AllInOne/.env rename to AllInOne/internal.env index 2e42c3a..999c3fb 100644 --- a/AllInOne/.env +++ b/AllInOne/internal.env @@ -1,9 +1,30 @@ +### internal.env +### This file contains config which users *should not edit* without good reason +### This file will be maintained by the developers -dareVer=3.0.0 +# -------------------------------------------------------------------------------- +# TRE Settings +# TRE DB Credentials +TRE_DATA_SERVER=postgres +TRE_DATA_PORT=5432 +TRE_DATA_DATABASE=tredata -PGLOGIN=admin -PGPASSWORD=admin +# TRE UI settings +TreAPISettings__InternalApiBaseUrll=http://treAPI:8080 +TreAPISettings__PublicApiBaseUrl=http://localhost:8072 +Serilog__SeqServerUrl=http://seq:5341 + +# TRE KeyCloak settings +TreKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration +TreKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuratio +TreKeyCloakSettings__ClientId=Dare-TRE-UI +TreKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-TRE +TreKeyCloakSettings__ClientSecret=2de114bc-3599-45f1-9b61-5090c6859dfe +TreKeyCloakSettings__ValidAudiences=Dare-TRE-API,Dare-TRE-UI +TreKeyCloakSettings__AccountManagementURL=http://localhost:8085/realms/Dare-TRE/account +TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" +TreKeyCloakSettings__UseRedirectURL=false # CAMUNDA env var CAMUNDA_VERSION=8.8.0 @@ -13,28 +34,6 @@ ELASTIC_VERSION=8.17.5 CredentialAPISettingsStartWebhookUrl=http://connectors:8080/inbound/StartCredentials CredentialAPISettingsRevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials -# TRE DB Credentials -TRE_DATA_SERVER=postgres -TRE_DATA_PORT=5432 -TRE_DATA_DATABASE=tredata -TRE_DATA_USER=admin -TRE_DATA_PASSWORD=admin - -# Set to true if you'd like to simulate execution, otherwise default to false: -DemoMode = true -# Allows Keycloak to not require https: -KeyCloakDemoMode=true - -http_proxy=http://192.168.10.15:8080 -https_proxy=http://192.168.10.15:8080 -ProxyAddresURLForExternalFetch=http://192.168.10.15:8080 - -useproxy=false -proxyurl=http://192.168.10.15:8080 -#If having issues with keycloak set this to false. -sslcookies=false -#If http only site set this to false -httpsRedirect=false MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1 MinioIdentityID=Dare-Control-Minio @@ -43,85 +42,46 @@ MinioTreOpenidSecret=71ee3de3-0e0c-49c8-a0b2-c0e490c90591 MinioTreIdentityID=Dare-TRE-Minio MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -MinioRootUser=minio -MinioRootPass=minio123 -MinioBrowser=http://localhost:9000 -#MinioServerApi=http://127.0.0.1:9000 - -UseTESK=false -UseRabbit=false - -# Where TESK or Funnel API is hosted: -TesAPIUrl=http://host.docker.internal:8000/v1/tasks # Output bucket prefix for the TES executing agent to write results to TesOutputBucketPrefix=s3:// IgnoreHutchSSL=true -HutchAPIAddress=https://localhost:7239 HutchDbServer=theserver HutchDbName=theDb HutchDbPort=24 syncSchedule=2 scanSchedule=1 -TreName=DEMO EnableExternalHangfire=false -HutchMinioURLOverride= -TreMinioAdminUser=minio -TreMinioAdminPassword=minio123 - submissionMinioUrl=http://minioSubmission:9000 -#This is the 9001 url submissionMinioAdminConsole=http://minioSubmission:9001 - EgressKeyCloakUseRedirect=false EgressKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Data-Egress EgressKeyCloakAuthority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration EgressKeyCloakMetadataAddress=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration EgressValidAudiences=Data-Egress-UI,Data-Egress-API -EgressKeyCloakClientUIRediretURL=https//localhost:8100/ -EgressKeyCloakTokenExpredAddressUI=http://localhost:8100/Account/LoginAfterTokenExpired EgressKeyCloakSecret=81c1f071-8c45-49ef-a966-84ca8f420b7e EgressKeyCloakClientID=Data-Egress-API - SubmissionAPIKeyCloakUseRedirect=false SubmissionAPIKeyCloakClientId=Dare-Control-API SubmissionAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-Control SubmissionAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration SubmissionAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration SubmissionAPIValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionAPIKeyCloakClientUIRedirectURL=http://localhost:8989/ -SubmissionAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired SubmissionAPIKeyCloakSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 - - SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control KeyCloakUseRedirect=false -KeyCloakClientUIRediretURL=http://localhost:8888/ -KeyCloakTokenExpredAddressUI=http://localhost:8888/Account/LoginAfterTokenExpired SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration SubmissionUIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/ -TreKeyCloakUseRedirect=false -TreKeyCloakClientUIRediretURL=http://localhost:8989/ -TreKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired -TreKeyCloakSecret=2de114bc-3599-45f1-9b61-5090c6859dfe -TreKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE -TreKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreKeyCloakClientId=Dare-TRE-UI -TreKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account -TreValidAudiences=Dare-TRE-API,Dare-TRE-UI TreAPIKeyCloakUseRedirect=false -TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ -TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired TreAPIKeyCloakSecret=e9021a57-3f4f-4254-ba27-2cdbb99a2cb5 TreAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE TreAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration @@ -130,9 +90,7 @@ TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/o TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI - URLSettingsFrontEndQueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 -URLSettingsFrontEndMinioUrl=localhost:9001 #SubmissionAPIKeyCloakUseRedirect=false #SubmissionAPIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 @@ -145,4 +103,5 @@ SubmissionServerProtocol=http SubmissionRealm=Dare-Control SubmissionAutoTrustKeycloakCert=false SubmissionValidIssuer= -SubmissionValidAudience= \ No newline at end of file +SubmissionValidAudience= + diff --git a/AllInOne/routes.env b/AllInOne/routes.env new file mode 100644 index 0000000..f55acd2 --- /dev/null +++ b/AllInOne/routes.env @@ -0,0 +1,34 @@ +### routes.env +### This file contains the public URLs used by the stack, these should be +### customised for your domain and needs + +MinioBrowser=http://localhost:9000 +#MinioServerApi=http://127.0.0.1:9000 + +# Where TESK or Funnel API is hosted: +TesAPIUrl=http://host.docker.internal:8000/v1/tasks + +# Hutch config +HutchAPIAddress=https://localhost:7239 +HutchMinioURLOverride= + +# Egress config +EgressKeyCloakClientUIRediretURL=https//localhost:8100/ +EgressKeyCloakTokenExpredAddressUI=http://localhost:8100/Account/LoginAfterTokenExpired + +# Submission config +SubmissionAPIKeyCloakClientUIRedirectURL=http://localhost:8989/ +SubmissionAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired + +# Keycloak config +KeyCloakClientUIRediretURL=http://localhost:8888/ +KeyCloakTokenExpredAddressUI=http://localhost:8888/Account/LoginAfterTokenExpired + +# TRE config +TreKeyCloakSettings__RedirectURL=http://localhost:8989/ +TreKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfterTokenExpired + +# TRE API config +TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ +TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired +URLSettingsFrontEndMinioUrl=localhost:9001 diff --git a/AllInOne/user.env b/AllInOne/user.env new file mode 100644 index 0000000..90614c8 --- /dev/null +++ b/AllInOne/user.env @@ -0,0 +1,28 @@ +### user.env +### This file contains config users are likely to set for themselves, +### carefully read and select the options most suitable to you + +# Name the TRE +TreName=DEMO + +# Set to true if you'd like to simulate execution, otherwise default to false: +DemoMode = true + +# Allows Keycloak to not require https: +KeyCloakDemoMode=true + +# Outgoing proxy config (if needed) +useproxy=false +http_proxy=http://192.168.10.15:8080 +https_proxy=http://192.168.10.15:8080 +ProxyAddresURLForExternalFetch=http://192.168.10.15:8080 +proxyurl=http://192.168.10.15:8080 + +#If having issues with keycloak set this to false. +sslcookies=false +#If http only site set this to false +httpsRedirect=false + +# Task execution optoins +UseTESK=false +UseRabbit=false From 2dbd96a42ca306a4fdffaa15b6a41f6e4ec7a997 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:28:17 +0000 Subject: [PATCH 02/41] Move demo mode password to creds.env --- AllInOne/creds.env | 2 ++ AllInOne/docker-compose.yml | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/AllInOne/creds.env b/AllInOne/creds.env index 41fc3a1..a8c2d03 100644 --- a/AllInOne/creds.env +++ b/AllInOne/creds.env @@ -9,3 +9,5 @@ MinioRootPass=minio123 TreMinioAdminUser=minio TreMinioAdminPassword=minio123 + +DemoModeDefaultP=password123 \ No newline at end of file diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index e36ff4d..6f07908 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -58,7 +58,6 @@ services: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - KeyCloakDemoMode=${KeyCloakDemoMode} - - DemoModeDefaultP=password123 - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq @@ -202,7 +201,6 @@ services: environment: - DemoMode=${DemoMode} - KeyCloakDemoMode=${KeyCloakDemoMode} - - DemoModeDefaultP=password123 - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq-tre - Serilog__SeqServerUrl=http://seq:5341 From fc75b356558daf1f8cc9024adc98ee1d59dae3be Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:28:46 +0000 Subject: [PATCH 03/41] Remove keycloak demo mode (already in env) --- AllInOne/.#docker-compose.yml | 1 + 1 file changed, 1 insertion(+) create mode 120000 AllInOne/.#docker-compose.yml diff --git a/AllInOne/.#docker-compose.yml b/AllInOne/.#docker-compose.yml new file mode 120000 index 0000000..ba0b7f8 --- /dev/null +++ b/AllInOne/.#docker-compose.yml @@ -0,0 +1 @@ +owool@owoolrse.109897:1770360479 \ No newline at end of file From 1399ec96966521cef541737afe2110dd2f1a724e Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:29:18 +0000 Subject: [PATCH 04/41] Remove keycloak demo mode (already in env) --- AllInOne/.#docker-compose.yml | 1 - AllInOne/docker-compose.yml | 5 ----- 2 files changed, 6 deletions(-) delete mode 120000 AllInOne/.#docker-compose.yml diff --git a/AllInOne/.#docker-compose.yml b/AllInOne/.#docker-compose.yml deleted file mode 120000 index ba0b7f8..0000000 --- a/AllInOne/.#docker-compose.yml +++ /dev/null @@ -1 +0,0 @@ -owool@owoolrse.109897:1770360479 \ No newline at end of file diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 6f07908..5b386bf 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -57,7 +57,6 @@ services: environment: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - - KeyCloakDemoMode=${KeyCloakDemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq @@ -163,7 +162,6 @@ services: - DataEgressAPI environment: - DemoMode=${DemoMode} - - KeyCloakDemoMode=${KeyCloakDemoMode} - Serilog__SeqServerUrl=http://seq:5341 - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} @@ -200,7 +198,6 @@ services: condition: service_healthy environment: - DemoMode=${DemoMode} - - KeyCloakDemoMode=${KeyCloakDemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq-tre - Serilog__SeqServerUrl=http://seq:5341 @@ -255,7 +252,6 @@ services: - data-protection:/root/.aspnet/DataProtection-Keys environment: - DemoMode=${DemoMode} - - KeyCloakDemoMode=${KeyCloakDemoMode} - Serilog__SeqServerUrl=http://seq:5341 - KeyCloakSettings__Proxy=false - DareAPISettings__Address=http://submissionAPI:8080 @@ -307,7 +303,6 @@ services: condition: service_healthy environment: - DemoMode=${DemoMode} - - KeyCloakDemoMode=${KeyCloakDemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq - Serilog__SeqServerUrl=http://seq:5341 From 29027874c580c0ea0b1adf32339d70ed3afb3aa7 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:30:28 +0000 Subject: [PATCH 05/41] Move seq routing to routes.env --- AllInOne/docker-compose.yml | 5 ----- AllInOne/routes.env | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 5b386bf..dbaddc3 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -162,7 +162,6 @@ services: - DataEgressAPI environment: - DemoMode=${DemoMode} - - Serilog__SeqServerUrl=http://seq:5341 - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} @@ -200,7 +199,6 @@ services: - DemoMode=${DemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq-tre - - Serilog__SeqServerUrl=http://seq:5341 - TreKeyCloakSettings__Authority=${TreAPIKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreAPIKeyCloakMetadataAddress} - TreKeyCloakSettings__BaseUrl=${TreAPIKeyCloakBaseRealmAddress} @@ -252,7 +250,6 @@ services: - data-protection:/root/.aspnet/DataProtection-Keys environment: - DemoMode=${DemoMode} - - Serilog__SeqServerUrl=http://seq:5341 - KeyCloakSettings__Proxy=false - DareAPISettings__Address=http://submissionAPI:8080 - DareAPISettings_HelpAddress=http://submissionAPI:8080 @@ -305,7 +302,6 @@ services: - DemoMode=${DemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq - - Serilog__SeqServerUrl=http://seq:5341 - MinioSettings__Url=http://minioSubmission:9000 - MinioSettings__AccessKey=${MinioRootUser} - MinioSettings__SecretKey=${MinioRootPass} @@ -356,7 +352,6 @@ services: - Logging__LogLevel__Default=Information - Logging__LogLevel__Microsoft.AspNetCore=Warning - AllowedHosts=* - - Serilog__SeqServerUrl=http://seq:5341 # Zeebe Bootstrap settings - ZeebeBootstrap__Client__GatewayAddress=orchestration:26500 - ZeebeBootstrap__Worker__MaxJobsActive=5 diff --git a/AllInOne/routes.env b/AllInOne/routes.env index f55acd2..7fbba03 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -32,3 +32,6 @@ TreKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfte TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired URLSettingsFrontEndMinioUrl=localhost:9001 + +# Seq config +Serilog__SeqServerUrl=http://seq:5341 \ No newline at end of file From 28cc1a31eee2ed273ed8021d26427645a64f0eff Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:32:34 +0000 Subject: [PATCH 06/41] Move seq routing to routes.env --- AllInOne/.#docker-compose.yml | 1 + AllInOne/routes.env | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 120000 AllInOne/.#docker-compose.yml diff --git a/AllInOne/.#docker-compose.yml b/AllInOne/.#docker-compose.yml new file mode 120000 index 0000000..ba0b7f8 --- /dev/null +++ b/AllInOne/.#docker-compose.yml @@ -0,0 +1 @@ +owool@owoolrse.109897:1770360479 \ No newline at end of file diff --git a/AllInOne/routes.env b/AllInOne/routes.env index 7fbba03..aceb40c 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -34,4 +34,4 @@ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterToken URLSettingsFrontEndMinioUrl=localhost:9001 # Seq config -Serilog__SeqServerUrl=http://seq:5341 \ No newline at end of file +Serilog__SeqServerUrl=http://seq:5341 From 03fdf0e5173e7417e919bd5716e8187510fe002a Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:32:55 +0000 Subject: [PATCH 07/41] Move rabbitmq route to routes.env --- AllInOne/.#docker-compose.yml | 1 - AllInOne/docker-compose.yml | 3 --- AllInOne/routes.env | 3 +++ 3 files changed, 3 insertions(+), 4 deletions(-) delete mode 120000 AllInOne/.#docker-compose.yml diff --git a/AllInOne/.#docker-compose.yml b/AllInOne/.#docker-compose.yml deleted file mode 120000 index ba0b7f8..0000000 --- a/AllInOne/.#docker-compose.yml +++ /dev/null @@ -1 +0,0 @@ -owool@owoolrse.109897:1770360479 \ No newline at end of file diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index dbaddc3..2a24ed8 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -59,7 +59,6 @@ services: - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - RabbitMQ__HostAddress=rabbitmq - Serilog__SeqServerUrl=http://seq:5341 - DareAPISettings__Address=http://submissionAPI:8080 - DataEgressAPISettings__Address=https://egressAPI:8080 @@ -198,7 +197,6 @@ services: environment: - DemoMode=${DemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - RabbitMQ__HostAddress=rabbitmq-tre - TreKeyCloakSettings__Authority=${TreAPIKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreAPIKeyCloakMetadataAddress} - TreKeyCloakSettings__BaseUrl=${TreAPIKeyCloakBaseRealmAddress} @@ -301,7 +299,6 @@ services: environment: - DemoMode=${DemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - RabbitMQ__HostAddress=rabbitmq - MinioSettings__Url=http://minioSubmission:9000 - MinioSettings__AccessKey=${MinioRootUser} - MinioSettings__SecretKey=${MinioRootPass} diff --git a/AllInOne/routes.env b/AllInOne/routes.env index aceb40c..35545c3 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -35,3 +35,6 @@ URLSettingsFrontEndMinioUrl=localhost:9001 # Seq config Serilog__SeqServerUrl=http://seq:5341 + +# RebbitMQ +RabbitMQ__HostAddress=rabbitmq \ No newline at end of file From 7bd6df34f7c258f1aae282fb580b2066a768ef79 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:35:46 +0000 Subject: [PATCH 08/41] Add headers to routes --- AllInOne/routes.env | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/AllInOne/routes.env b/AllInOne/routes.env index 35545c3..776444c 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -2,6 +2,9 @@ ### This file contains the public URLs used by the stack, these should be ### customised for your domain and needs +# ------------------------------------------------------------------------------- +# External routes + MinioBrowser=http://localhost:9000 #MinioServerApi=http://127.0.0.1:9000 @@ -33,8 +36,11 @@ TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired URLSettingsFrontEndMinioUrl=localhost:9001 +# ------------------------------------------------------------------------------- +# Internal routes + # Seq config Serilog__SeqServerUrl=http://seq:5341 -# RebbitMQ +# RabbitMQ RabbitMQ__HostAddress=rabbitmq \ No newline at end of file From e908fe2f8ce2234bacd02b5ac4791e18521fd94c Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:36:04 +0000 Subject: [PATCH 09/41] Remove suppress anti forgery (duplicates env) --- AllInOne/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 2a24ed8..1d7c57d 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -261,7 +261,6 @@ services: - SubmissionKeyCloakSettings__ClientSecret=${SubmissionUIClientSecret} - SubmissionKeyCloakSettings__AccountManagementURL=${SubmissionUIAccountManagementURL} - SubmissionKeyCloakSettings__BaseUrl=${SubmissionUIKeyCloakBaseUrl} - - SuppressAntiforgery=${SuppressAntiforgery} - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionUIKeyCloakMetadataAddress} - SubmissionKeyCloakSettings__Authority=${SubmissionUIKeyCloakAuthority} - URLSettingsFrontEnd__QueryImage=${URLSettingsFrontEndQueryImage} @@ -303,7 +302,6 @@ services: - MinioSettings__AccessKey=${MinioRootUser} - MinioSettings__SecretKey=${MinioRootPass} - MinioSettings__BucketName=testbucket - - SuppressAntiforgery=${SuppressAntiforgery} - MinioSettings__AdminConsole=http://minioSubmission:9001 - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} From ff1d6f04747c2b87be62d23440687fa6d55b2070 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:36:39 +0000 Subject: [PATCH 10/41] Remove sslcookies (already in users env) --- AllInOne/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 1d7c57d..aa25dfb 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -175,7 +175,6 @@ services: - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRediretURL} - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - MinioSettings__Url=http://localhost:9003 - - sslcookies=${sslcookies} - httpsRedirect=${httpsRedirect} DataEgressAPI: @@ -265,7 +264,6 @@ services: - SubmissionKeyCloakSettings__Authority=${SubmissionUIKeyCloakAuthority} - URLSettingsFrontEnd__QueryImage=${URLSettingsFrontEndQueryImage} - URLSettingsFrontEnd__MinioUrl=${URLSettingsFrontEndMinioUrl} - - sslcookies=${sslcookies} - httpsRedirect=${httpsRedirect} submissionAPI: From 25c9e5c67e7082d97d36d2ca2d0ccd8d76a64a4e Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:37:18 +0000 Subject: [PATCH 11/41] Remove httpsredirect (duplicates env) --- AllInOne/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index aa25dfb..a751e33 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -175,7 +175,6 @@ services: - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRediretURL} - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - MinioSettings__Url=http://localhost:9003 - - httpsRedirect=${httpsRedirect} DataEgressAPI: <<: *environment @@ -264,7 +263,6 @@ services: - SubmissionKeyCloakSettings__Authority=${SubmissionUIKeyCloakAuthority} - URLSettingsFrontEnd__QueryImage=${URLSettingsFrontEndQueryImage} - URLSettingsFrontEnd__MinioUrl=${URLSettingsFrontEndMinioUrl} - - httpsRedirect=${httpsRedirect} submissionAPI: <<: *environment From 13eba945b234d6480be73af79d9820b688253892 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:38:11 +0000 Subject: [PATCH 12/41] Remove demo mode (duplicates env) --- AllInOne/docker-compose.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index a751e33..fd55f55 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -160,7 +160,6 @@ services: depends_on: - DataEgressAPI environment: - - DemoMode=${DemoMode} - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} @@ -193,7 +192,6 @@ services: keycloak: condition: service_healthy environment: - - DemoMode=${DemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Authority=${TreAPIKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreAPIKeyCloakMetadataAddress} @@ -245,7 +243,6 @@ services: volumes: - data-protection:/root/.aspnet/DataProtection-Keys environment: - - DemoMode=${DemoMode} - KeyCloakSettings__Proxy=false - DareAPISettings__Address=http://submissionAPI:8080 - DareAPISettings_HelpAddress=http://submissionAPI:8080 @@ -292,7 +289,6 @@ services: minioSubmission: condition: service_healthy environment: - - DemoMode=${DemoMode} - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - MinioSettings__Url=http://minioSubmission:9000 - MinioSettings__AccessKey=${MinioRootUser} From 9c23da6f6f57fb17f6f4285ae746dbc87ea57359 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:41:59 +0000 Subject: [PATCH 13/41] Internal routes moved to internal env --- AllInOne/docker-compose.yml | 1 - AllInOne/internal.env | 2 ++ AllInOne/routes.env | 9 --------- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index fd55f55..447a227 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -59,7 +59,6 @@ services: - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - Serilog__SeqServerUrl=http://seq:5341 - DareAPISettings__Address=http://submissionAPI:8080 - DataEgressAPISettings__Address=https://egressAPI:8080 - EnableExternalHangfire=${EnableExternalHangfire} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 999c3fb..7da7133 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -105,3 +105,5 @@ SubmissionAutoTrustKeycloakCert=false SubmissionValidIssuer= SubmissionValidAudience= +Serilog__SeqServerUrl=http://seq:5341 +RabbitMQ__HostAddress=rabbitmq \ No newline at end of file diff --git a/AllInOne/routes.env b/AllInOne/routes.env index 776444c..b3e9e34 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -35,12 +35,3 @@ TreKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfte TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired URLSettingsFrontEndMinioUrl=localhost:9001 - -# ------------------------------------------------------------------------------- -# Internal routes - -# Seq config -Serilog__SeqServerUrl=http://seq:5341 - -# RabbitMQ -RabbitMQ__HostAddress=rabbitmq \ No newline at end of file From 4fae6cfb73540875b6f026c480fd5cbc99639330 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 10:54:31 +0000 Subject: [PATCH 14/41] Move credentialsconnection string --- AllInOne/docker-compose.yml | 2 -- AllInOne/internal.env | 4 +++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 447a227..ee96865 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -58,7 +58,6 @@ services: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - DareAPISettings__Address=http://submissionAPI:8080 - DataEgressAPISettings__Address=https://egressAPI:8080 - EnableExternalHangfire=${EnableExternalHangfire} @@ -360,7 +359,6 @@ services: - VaultSettings__SecretEngine=secret - VaultSettings__EnableRetry=true - VaultSettings__MaxRetryAttempts=3 - - ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD}; - ConnectionStrings__TREPostgresConnection=Server=${TRE_DATA_SERVER};Port=${TRE_DATA_PORT};Database=${TRE_DATA_DATABASE};Include Error Detail=true;User Id=${TRE_DATA_USER};Password=${TRE_DATA_PASSWORD}; ###################################################### diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 7da7133..7029003 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -106,4 +106,6 @@ SubmissionValidIssuer= SubmissionValidAudience= Serilog__SeqServerUrl=http://seq:5341 -RabbitMQ__HostAddress=rabbitmq \ No newline at end of file +RabbitMQ__HostAddress=rabbitmq + +ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; \ No newline at end of file From 8ae81359b5cbff74dcf97c51cf32ee9c15ef3b43 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 11:10:38 +0000 Subject: [PATCH 15/41] Remove hutchssl as already in env --- AllInOne/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index ee96865..f6c80db 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -61,7 +61,6 @@ services: - DareAPISettings__Address=http://submissionAPI:8080 - DataEgressAPISettings__Address=https://egressAPI:8080 - EnableExternalHangfire=${EnableExternalHangfire} - - IgnoreHutchSSL=${IgnoreHutchSSL} - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} From 2be42c4cc4e3da1ad953542ec952a2e20b41fa94 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 11:11:12 +0000 Subject: [PATCH 16/41] move external hangfire to internal env --- AllInOne/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index f6c80db..987b9fb 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -60,7 +60,6 @@ services: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - DareAPISettings__Address=http://submissionAPI:8080 - DataEgressAPISettings__Address=https://egressAPI:8080 - - EnableExternalHangfire=${EnableExternalHangfire} - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} @@ -68,7 +67,6 @@ services: - TreKeyCloakSettings__ClientSecret=${TreKeyCloakSecret} - TreKeyCloakSettings__ValidAudiences=${TreValidAudiences} - TreKeyCloakSettings__Proxy=${useproxy} - - EnableExternalHangfire=true - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakTokenExpredAddressUI} From 48c23fc5e500d862cae087e6356dac726060be93 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 11:12:33 +0000 Subject: [PATCH 17/41] Trename already in env --- AllInOne/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 987b9fb..9f64edf 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -103,7 +103,6 @@ services: - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - AgentSettings__TESKAPIURL=${TesAPIUrl} - AgentSettings__TESKOutputBucketPrefix=${TesOutputBucketPrefix} - - TreName=${TreName} - MinioTRESettings__Url=http://minioTRE:9000 - MinioTRESettings__HutchURLOverride=${HutchMinioURLOverride} - MinioTRESettings__AccessKey=${TreMinioAdminUser} From 6438adf51e307e0d10a7662dbd6e203d13119c7b Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 11:52:51 +0000 Subject: [PATCH 18/41] Move TES settings out of compose --- AllInOne/docker-compose.yml | 4 ---- AllInOne/internal.env | 2 +- AllInOne/user.env | 5 +++-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 9f64edf..7b60239 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -96,13 +96,9 @@ services: - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionAPIKeyCloakTokenExpredAddressUI} - SubmissionKeyCloakSettings__UseRedirectURL=${SubmissionAPIKeyCloakUseRedirect} - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} - - AgentSettings__UseTESK=${UseTESK} - - AgentSettings__UseRabbit=${UseRabbit} - JobSettings__scanSchedule=${scanSchedule} - JobSettings__syncSchedule=${syncSchedule} - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - - AgentSettings__TESKAPIURL=${TesAPIUrl} - - AgentSettings__TESKOutputBucketPrefix=${TesOutputBucketPrefix} - MinioTRESettings__Url=http://minioTRE:9000 - MinioTRESettings__HutchURLOverride=${HutchMinioURLOverride} - MinioTRESettings__AccessKey=${TreMinioAdminUser} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 7029003..bc7b7b3 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -43,7 +43,7 @@ MinioTreIdentityID=Dare-TRE-Minio MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration # Output bucket prefix for the TES executing agent to write results to -TesOutputBucketPrefix=s3:// +AgentSettings__TESKOutputBucketPrefix=s3:// IgnoreHutchSSL=true HutchDbServer=theserver diff --git a/AllInOne/user.env b/AllInOne/user.env index 90614c8..a46c852 100644 --- a/AllInOne/user.env +++ b/AllInOne/user.env @@ -24,5 +24,6 @@ sslcookies=false httpsRedirect=false # Task execution optoins -UseTESK=false -UseRabbit=false +AgentSettings__UseTESK=false +AgentSettings__UseRabbit=false +AgentSettings__TESKAPIURL= From 93ae4abce7a18b2dd681f651449df93175219fda Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 11:56:02 +0000 Subject: [PATCH 19/41] Move job settings to env --- AllInOne/docker-compose.yml | 2 -- AllInOne/internal.env | 5 +++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 7b60239..2f3502f 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -96,8 +96,6 @@ services: - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionAPIKeyCloakTokenExpredAddressUI} - SubmissionKeyCloakSettings__UseRedirectURL=${SubmissionAPIKeyCloakUseRedirect} - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} - - JobSettings__scanSchedule=${scanSchedule} - - JobSettings__syncSchedule=${syncSchedule} - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - MinioTRESettings__Url=http://minioTRE:9000 - MinioTRESettings__HutchURLOverride=${HutchMinioURLOverride} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index bc7b7b3..5320347 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -50,8 +50,9 @@ HutchDbServer=theserver HutchDbName=theDb HutchDbPort=24 -syncSchedule=2 -scanSchedule=1 +JobSettings__scanSchedule=1 +JobSettings__syncSchedule=2 + EnableExternalHangfire=false submissionMinioUrl=http://minioSubmission:9000 From fbe8051b282edf69a8a1bc85ff7f59da08f2fded Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 13:04:17 +0000 Subject: [PATCH 20/41] Move hutch settings --- AllInOne/docker-compose.yml | 5 ----- AllInOne/internal.env | 7 +++---- AllInOne/routes.env | 4 ++-- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 2f3502f..4404f9a 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -98,7 +98,6 @@ services: - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - MinioTRESettings__Url=http://minioTRE:9000 - - MinioTRESettings__HutchURLOverride=${HutchMinioURLOverride} - MinioTRESettings__AccessKey=${TreMinioAdminUser} - MinioTRESettings__SecretKey=${TreMinioAdminPassword} - MinioTRESettings__AdminConsole=http://minioTRE:9001 @@ -109,10 +108,6 @@ services: - MinioSubSettings__BucketName=testbucket - MinioSubSettings__AWSRegion=us-east-1 - MinioTRESettings__AWSRegion=us-east-1 - - Hutch__APIAddress=${HutchAPIAddress} - - Hutch__DbServer=${HutchDbServer} - - Hutch__DbName=${HutchDbName} - - Hutch__DbPort=${HutchDbPort} - CredentialAPISettings__StartWebhookUrl=${CredentialAPISettingsStartWebhookUrl} - CredentialAPISettings__RevokeWebhookUrl=${CredentialAPISettingsRevokeWebhookUrl} - VaultSettings__BaseUrl=http://vault:8200 diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 5320347..17f8ae7 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -45,10 +45,9 @@ MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openi # Output bucket prefix for the TES executing agent to write results to AgentSettings__TESKOutputBucketPrefix=s3:// -IgnoreHutchSSL=true -HutchDbServer=theserver -HutchDbName=theDb -HutchDbPort=24 +Hutch__DbServer=theserver +Hutch__DbName=theDb +Hutch__DbPort=24 JobSettings__scanSchedule=1 JobSettings__syncSchedule=2 diff --git a/AllInOne/routes.env b/AllInOne/routes.env index b3e9e34..c16aad0 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -12,8 +12,8 @@ MinioBrowser=http://localhost:9000 TesAPIUrl=http://host.docker.internal:8000/v1/tasks # Hutch config -HutchAPIAddress=https://localhost:7239 -HutchMinioURLOverride= +Hutch__HutchAPIAddress=https://localhost:7239 +MinioTRESettings__HutchMinioURLOverride= # Egress config EgressKeyCloakClientUIRediretURL=https//localhost:8100/ From 75abb62e16b1c75e4c673aa38a4c55571312b11a Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 14:00:42 +0000 Subject: [PATCH 21/41] Move dareapi settings --- AllInOne/docker-compose.yml | 2 -- AllInOne/internal.env | 4 +++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 4404f9a..b6d1d3c 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -58,7 +58,6 @@ services: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - DareAPISettings__Address=http://submissionAPI:8080 - DataEgressAPISettings__Address=https://egressAPI:8080 - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} @@ -227,7 +226,6 @@ services: - data-protection:/root/.aspnet/DataProtection-Keys environment: - KeyCloakSettings__Proxy=false - - DareAPISettings__Address=http://submissionAPI:8080 - DareAPISettings_HelpAddress=http://submissionAPI:8080 - FormIOSettings__UseInternal=true - SubmissionKeyCloakSettings__Proxy=${useproxy} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 17f8ae7..01b0c0c 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -108,4 +108,6 @@ SubmissionValidAudience= Serilog__SeqServerUrl=http://seq:5341 RabbitMQ__HostAddress=rabbitmq -ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; \ No newline at end of file +ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; + +DareAPISettings__Address=http://submissionAPI:8080 From e3452037493f253d7442a1854ddf28c7d4e295c5 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 15:30:45 +0000 Subject: [PATCH 22/41] Move egress api setting to config --- AllInOne/docker-compose.yml | 5 +---- AllInOne/internal.env | 1 + 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index b6d1d3c..40d6a3c 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -58,7 +58,6 @@ services: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - DataEgressAPISettings__Address=https://egressAPI:8080 - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} @@ -95,7 +94,6 @@ services: - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionAPIKeyCloakTokenExpredAddressUI} - SubmissionKeyCloakSettings__UseRedirectURL=${SubmissionAPIKeyCloakUseRedirect} - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} - - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - MinioTRESettings__Url=http://minioTRE:9000 - MinioTRESettings__AccessKey=${TreMinioAdminUser} - MinioTRESettings__SecretKey=${TreMinioAdminPassword} @@ -154,7 +152,6 @@ services: - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpredAddressUI} - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRediretURL} - - DataEgressAPISettings__Address=http://DataEgressAPI:8080 - MinioSettings__Url=http://localhost:9003 DataEgressAPI: @@ -204,7 +201,7 @@ services: - MinioSettings__BucketName=testbucket - MinioSettings__AdminConsole=http://minioIn:9001 - TreAPISettings__Address=http://treapi:8080 - - DataEgressAPISettings__Address=http://DataEgressAPI:8100 + ###################################################### # SUBMISSION LAYER diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 01b0c0c..7148fdc 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -111,3 +111,4 @@ RabbitMQ__HostAddress=rabbitmq ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; DareAPISettings__Address=http://submissionAPI:8080 +DataEgressAPISettings__Address=http://DataEgressAPI:8080 \ No newline at end of file From 118550fbeb148ccc4343051238f6b5f1376f18be Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Fri, 6 Feb 2026 15:51:37 +0000 Subject: [PATCH 23/41] Move tre key cloak settings to config --- AllInOne/docker-compose.yml | 18 ------------------ AllInOne/internal.env | 2 +- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 40d6a3c..7151fc5 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -58,18 +58,9 @@ services: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - TreKeyCloakSettings__Authority=${TreKeyCloakAuthority} - - TreKeyCloakSettings__MetadataAddress=${TreKeyCloakMetadataAddress} - - TreKeyCloakSettings__BaseUrl=${TreKeyCloakBaseRealmAddress} - - TreKeyCloakSettings__ClientId=${TreKeyCloakClientId} - - TreKeyCloakSettings__ClientSecret=${TreKeyCloakSecret} - - TreKeyCloakSettings__ValidAudiences=${TreValidAudiences} - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakTokenExpredAddressUI} - - TreKeyCloakSettings__UseRedirectURL=${TreKeyCloakUseRedirect} - - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRediretURL} - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} @@ -172,18 +163,9 @@ services: condition: service_healthy environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - TreKeyCloakSettings__Authority=${TreAPIKeyCloakAuthority} - - TreKeyCloakSettings__MetadataAddress=${TreAPIKeyCloakMetadataAddress} - - TreKeyCloakSettings__BaseUrl=${TreAPIKeyCloakBaseRealmAddress} - - TreKeyCloakSettings__ClientId=${TreAPIKeyCloakClientId} - - TreKeyCloakSettings__ClientSecret=${TreAPIKeyCloakSecret} - - TreKeyCloakSettings__ValidAudiences=${TreAPIValidAudiences} - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" - TreKeyCloakSettings__TokenExpiredAddress=${TreAPIKeyCloakTokenExpredAddressUI} - - TreKeyCloakSettings__UseRedirectURL=${TreKeyCloakUseRedirect} - - TreKeyCloakSettings__RedirectURL=${TreKeyCloakClientUIRediretURL} - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 7148fdc..29dda02 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -11,7 +11,7 @@ TRE_DATA_PORT=5432 TRE_DATA_DATABASE=tredata # TRE UI settings -TreAPISettings__InternalApiBaseUrll=http://treAPI:8080 +TreAPISettings__InternalApiBaseUrl=http://treAPI:8080 TreAPISettings__PublicApiBaseUrl=http://localhost:8072 Serilog__SeqServerUrl=http://seq:5341 From faa269a6bfeec9c062cccb91fda1f40e08020016 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 9 Feb 2026 15:59:14 +0000 Subject: [PATCH 24/41] Move data egress keycloak settings for tre-api --- AllInOne/docker-compose.yml | 16 +++++----------- AllInOne/internal.env | 18 +++++++++++------- AllInOne/routes.env | 4 ++-- 3 files changed, 18 insertions(+), 20 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 7151fc5..ac4691c 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -60,19 +60,13 @@ services: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - TreKeyCloakSettings__TokenExpiredAddress=${TreKeyCloakTokenExpredAddressUI} - - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} - - DataEgressKeyCloakSettings__ClientId=${EgressKeyCloakClientID} - - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} - - DataEgressKeyCloakSettings__ValidAudiences=${EgressValidAudiences} + - TreKeyCloakSettings__TokenExpiredAddress= - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" - - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpredAddressUI} - - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRediretURL} + + + + - SubmissionKeyCloakSettings__Authority=${SubmissionAPIKeyCloakAuthority} - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionAPIKeyCloakMetadataAddress} - SubmissionKeyCloakSettings__BaseUrl=${SubmissionAPIKeyCloakBaseRealmAddress} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 29dda02..0a237c2 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -57,13 +57,17 @@ EnableExternalHangfire=false submissionMinioUrl=http://minioSubmission:9000 submissionMinioAdminConsole=http://minioSubmission:9001 -EgressKeyCloakUseRedirect=false -EgressKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Data-Egress -EgressKeyCloakAuthority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration -EgressKeyCloakMetadataAddress=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration -EgressValidAudiences=Data-Egress-UI,Data-Egress-API -EgressKeyCloakSecret=81c1f071-8c45-49ef-a966-84ca8f420b7e -EgressKeyCloakClientID=Data-Egress-API +# DataEgress KeyCloak settings +DataEgressKeyCloakSettings__Authority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration +DataEgressKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration +DataEgressKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Data-Egress +DataEgressKeyCloakSettings__ClientId=Data-Egress-API +DataEgressKeyCloakSettings__ClientSecret=81c1f071-8c45-49ef-a966-84ca8f420b7e +DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API +DataEgressKeyCloakSettings__UseRedirectURL=false +DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" + + SubmissionAPIKeyCloakUseRedirect=false SubmissionAPIKeyCloakClientId=Dare-Control-API diff --git a/AllInOne/routes.env b/AllInOne/routes.env index c16aad0..5ea3b9e 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -16,8 +16,8 @@ Hutch__HutchAPIAddress=https://localhost:7239 MinioTRESettings__HutchMinioURLOverride= # Egress config -EgressKeyCloakClientUIRediretURL=https//localhost:8100/ -EgressKeyCloakTokenExpredAddressUI=http://localhost:8100/Account/LoginAfterTokenExpired +DataEgressKeyCloakSettings__RedirectURL=https//localhost:8100/ +DataEgressKeyCloakSettings__TokenExpiredAddress=http://localhost:8100/Account/LoginAfterTokenExpired # Submission config SubmissionAPIKeyCloakClientUIRedirectURL=http://localhost:8989/ From 9af6798ac428949c6daff17911da2f4a9e8fc6df Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Tue, 10 Feb 2026 09:27:53 +0000 Subject: [PATCH 25/41] Move submission keycloak settings --- AllInOne/docker-compose.yml | 16 ++-------------- AllInOne/internal.env | 21 ++++++++++++++------- AllInOne/routes.env | 4 ++-- 3 files changed, 18 insertions(+), 23 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index ac4691c..e442896 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -63,22 +63,10 @@ services: - TreKeyCloakSettings__TokenExpiredAddress= - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - - - - - SubmissionKeyCloakSettings__Authority=${SubmissionAPIKeyCloakAuthority} - - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionAPIKeyCloakMetadataAddress} - - SubmissionKeyCloakSettings__BaseUrl=${SubmissionAPIKeyCloakBaseRealmAddress} - - SubmissionKeyCloakSettings__ClientId=${SubmissionAPIKeyCloakClientId} - - SubmissionKeyCloakSettings__ClientSecret=${SubmissionAPIKeyCloakSecret} - - SubmissionKeyCloakSettings__ValidAudiences=${SubmissionAPIValidAudiences} - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - - SubmissionKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - SubmissionKeyCloakSettings__TokenExpiredAddress=${SubmissionAPIKeyCloakTokenExpredAddressUI} - - SubmissionKeyCloakSettings__UseRedirectURL=${SubmissionAPIKeyCloakUseRedirect} - - SubmissionKeyCloakSettings__RedirectURL=${SubmissionAPIKeyCloakClientUIRedirectURL} + + - MinioTRESettings__Url=http://minioTRE:9000 - MinioTRESettings__AccessKey=${TreMinioAdminUser} - MinioTRESettings__SecretKey=${TreMinioAdminPassword} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 0a237c2..a7da19e 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -67,18 +67,25 @@ DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API DataEgressKeyCloakSettings__UseRedirectURL=false DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" +SubmissionKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration +SubmissionKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration +SubmissionKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-Control +SubmissionKeyCloakSettings__ClientId=Dare-Control-API +SubmissionKeyCloakSettings__ClientSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 +SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio +SubmissionKeyCloakSettings__BypassProxy="treAPI,seq-tre" +SubmissionKeyCloakSettings__UseRedirectURL=false + + + + -SubmissionAPIKeyCloakUseRedirect=false -SubmissionAPIKeyCloakClientId=Dare-Control-API -SubmissionAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-Control -SubmissionAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionAPIValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionAPIKeyCloakSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control + + KeyCloakUseRedirect=false SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration diff --git a/AllInOne/routes.env b/AllInOne/routes.env index 5ea3b9e..fab0600 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -20,8 +20,8 @@ DataEgressKeyCloakSettings__RedirectURL=https//localhost:8100/ DataEgressKeyCloakSettings__TokenExpiredAddress=http://localhost:8100/Account/LoginAfterTokenExpired # Submission config -SubmissionAPIKeyCloakClientUIRedirectURL=http://localhost:8989/ -SubmissionAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired +SubmissionKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfterTokenExpired +SubmissionKeyCloakSettings__RedirectURL=http://localhost:8989/ # Keycloak config KeyCloakClientUIRediretURL=http://localhost:8888/ From f6e6e14f5c2b80b1e2545c2aac7e826c9dbe52c2 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Tue, 10 Feb 2026 09:36:27 +0000 Subject: [PATCH 26/41] Remove dangling data egress keycloak settings --- AllInOne/docker-compose.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index e442896..466b7df 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -113,18 +113,8 @@ services: depends_on: - DataEgressAPI environment: - - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} - - DataEgressKeyCloakSettings__ClientId=${EgressKeyCloakClientID} - - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} - - DataEgressKeyCloakSettings__ValidAudiences=${EgressValidAudiences} - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - DataEgressKeyCloakSettings__BypassProxy=treAPI,seq-tre - - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpredAddressUI} - - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - - DataEgressKeyCloakSettings__RedirectURL=${EgressKeyCloakClientUIRediretURL} - MinioSettings__Url=http://localhost:9003 DataEgressAPI: @@ -147,18 +137,8 @@ services: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - - TreKeyCloakSettings__TokenExpiredAddress=${TreAPIKeyCloakTokenExpredAddressUI} - - DataEgressKeyCloakSettings__Authority=${EgressKeyCloakAuthority} - - DataEgressKeyCloakSettings__MetadataAddress=${EgressKeyCloakMetadataAddress} - - DataEgressKeyCloakSettings__BaseUrl=${EgressKeyCloakBaseRealmAddress} - - DataEgressKeyCloakSettings__ClientId=${EgressKeyCloakClientID} - - DataEgressKeyCloakSettings__ClientSecret=${EgressKeyCloakSecret} - - DataEgressKeyCloakSettings__ValidAudiences=${EgressKeyCloakClientID} - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - DataEgressKeyCloakSettings__BypassProxy="treAPI,seq-tre" - - DataEgressKeyCloakSettings__TokenExpiredAddress=${EgressKeyCloakTokenExpredAddressUI} - - DataEgressKeyCloakSettings__UseRedirectURL=${EgressKeyCloakUseRedirect} - MinioSettings__Url=http://minioTRE:9000 - MinioSettings__AccessKey=${TreMinioAdminUser} - MinioSettings__SecretKey=${TreMinioAdminPassword} From 2f4ec15b9203bb52dcef9c3b8b8d5fd494244074 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Tue, 10 Feb 2026 15:37:23 +0000 Subject: [PATCH 27/41] Move submission keycloak config --- AllInOne/docker-compose.yml | 9 --------- AllInOne/internal.env | 2 +- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 466b7df..aebe272 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -171,15 +171,6 @@ services: - FormIOSettings__UseInternal=true - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - - SubmissionKeyCloakSettings__BypassProxy="submissionAPI,seq" - - SubmissionKeyCloakSettings__TokenExpiredAddress=${KeyCloakTokenExpredAddressUI} - - SubmissionKeyCloakSettings__UseRedirectURL=${KeyCloakUseRedirect} - - SubmissionKeyCloakSettings__RedirectURL=${KeyCloakClientUIRediretURL} - - SubmissionKeyCloakSettings__ClientSecret=${SubmissionUIClientSecret} - - SubmissionKeyCloakSettings__AccountManagementURL=${SubmissionUIAccountManagementURL} - - SubmissionKeyCloakSettings__BaseUrl=${SubmissionUIKeyCloakBaseUrl} - - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionUIKeyCloakMetadataAddress} - - SubmissionKeyCloakSettings__Authority=${SubmissionUIKeyCloakAuthority} - URLSettingsFrontEnd__QueryImage=${URLSettingsFrontEndQueryImage} - URLSettingsFrontEnd__MinioUrl=${URLSettingsFrontEndMinioUrl} diff --git a/AllInOne/internal.env b/AllInOne/internal.env index a7da19e..b32f3dc 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -73,7 +73,7 @@ SubmissionKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-Control SubmissionKeyCloakSettings__ClientId=Dare-Control-API SubmissionKeyCloakSettings__ClientSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionKeyCloakSettings__BypassProxy="treAPI,seq-tre" +SubmissionKeyCloakSettings__BypassProxy="submissionAPI,seq-tre" SubmissionKeyCloakSettings__UseRedirectURL=false From d0339f5198de665724696a62a81bc6f862b85c55 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Wed, 11 Feb 2026 09:29:40 +0000 Subject: [PATCH 28/41] Move more submission keycloak to interneal --- AllInOne/docker-compose.yml | 17 ----------------- AllInOne/internal.env | 18 ++++++++---------- 2 files changed, 8 insertions(+), 27 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index aebe272..33b1377 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -211,23 +211,6 @@ services: - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - SubmissionKeyCloakSettings__BypassProxy=minioSubmission,seq - - SubmissionKeyCloakSettings__TokenExpiredAddress=${KeyCloakTokenExpredAddressUI} - - SubmissionKeyCloakSettings__UseRedirectURL=${KeyCloakUseRedirect} - - SubmissionKeyCloakSettings__RedirectURL=${KeyCloakClientUIRediretURL} - - SubmissionKeyCloakSettings__BaseUrl=${SubmissionAPIKeyCloakBaseRealmAddress} - - SubmissionKeyCloakSettings__MetadataAddress=${SubmissionAPIKeyCloakMetadataAddress} - - SubmissionKeyCloakSettings__Authority=${SubmissionAPIKeyCloakAuthority} - - SubmissionKeyCloakSettings__ClientSecret=${SubmissionAPIKeyCloakSecret} - #- SubmissionKeyCloakSettings__RemoteSignOutPath=${SubmissionRemoteSignOutPath} - - SubmissionKeyCloakSettings__SignedOutRedirectUri=${SubmissionSignedOutRedirectUri} - - SubmissionKeyCloakSettings__TokenRefreshSeconds=${SubmissionTokenRefreshSeconds} - - SubmissionKeyCloakSettings__ValidAudiences=${SubmissionValidAudiences} - - SubmissionKeyCloakSettings__Server=${SubmissionServer} - - SubmissionKeyCloakSettings__Protocol=${SubmissionServerProtocol} - - SubmissionKeyCloakSettings__Realm=${SubmissionRealm} - - SubmissionKeyCloakSettings__AutoTrustKeycloakCert=${SubmissionAutoTrustKeycloakCert} - - SubmissionKeyCloakSettings__ValidIssuer=${SubmissionValidIssuer} - - SubmissionKeyCloakSettings__ValidAudience=${SubmissionValidAudience} ##################################################### # Credentials diff --git a/AllInOne/internal.env b/AllInOne/internal.env index b32f3dc..58a3cde 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -103,18 +103,16 @@ TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI URLSettingsFrontEndQueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 +SubmissionKeyCloakSettings__SignedOutRedirectUri=/ +SubmissionKeyCloakSettings__TokenRefreshSeconds=3600 +SubmissionKeyCloakSettings__Server=keycloak:8080 +SubmissionKeyCloakSettings__Protocol=http +SubmissionKeyCloakSettings__Realm=Dare-Control +SubmissionKeyCloakSettings__AutoTrustKeycloakCert=false +SubmissionKeyCloakSettings__ValidIssuer= +SubmissionKeyCloakSettings__ValidAudience= #SubmissionAPIKeyCloakUseRedirect=false #SubmissionAPIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 -SuppressAntiforgery=false -SubmissionSignedOutRedirectUri=/ -SubmissionTokenRefreshSeconds=3600 -SubmissionValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionServer=keycloak:8080 -SubmissionServerProtocol=http -SubmissionRealm=Dare-Control -SubmissionAutoTrustKeycloakCert=false -SubmissionValidIssuer= -SubmissionValidAudience= Serilog__SeqServerUrl=http://seq:5341 RabbitMQ__HostAddress=rabbitmq From 60dda5b785eb9d94f231c01f763a19fb9d41bbcc Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Thu, 12 Feb 2026 09:26:20 +0000 Subject: [PATCH 29/41] Move vault config to own file --- AllInOne/docker-compose.yml | 22 +--------------------- AllInOne/vault.env | 6 ++++++ 2 files changed, 7 insertions(+), 21 deletions(-) create mode 100644 AllInOne/vault.env diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 33b1377..ce753c0 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -4,6 +4,7 @@ x-environment: &environment - internal.env - routes.env - user.env + - vault.env name: AllInOne @@ -80,12 +81,6 @@ services: - MinioTRESettings__AWSRegion=us-east-1 - CredentialAPISettings__StartWebhookUrl=${CredentialAPISettingsStartWebhookUrl} - CredentialAPISettings__RevokeWebhookUrl=${CredentialAPISettingsRevokeWebhookUrl} - - VaultSettings__BaseUrl=http://vault:8200 - - VaultSettings__Token=dev-only-token - - VaultSettings__TimeoutSeconds=30 - - VaultSettings__SecretEngine=secret - - VaultSettings__EnableRetry=true - - VaultSettings__MaxRetryAttempts=3 - DmnFilePath=app/ProcessModels - TreUISettings__Address=http://localhost:8989 - TreAPISettings__Address=http://localhost:8072 @@ -242,21 +237,6 @@ services: - ZeebeBootstrap__Worker__PollIntervalInMilliseconds=50 - ZeebeBootstrap__Worker__PollingTimeoutInMilliseconds=1000 - ZeebeBootstrap__Worker__RetryTimeoutInMilliseconds=1000 - # LDAP settings - - LdapSettings__Host=openldap - - LdapSettings__Port=389 - - LdapSettings__AdminDn=cn=admin,dc=camundaephemeral,dc=local - - LdapSettings__AdminPassword=admin - - LdapSettings__BaseDn=dc=camundaephemeral,dc=local - - LdapSettings__UserOu=ou=Users - - LdapSettings__UseSSL=false - # Vault settings - - VaultSettings__BaseUrl=http://vault:8200 - - VaultSettings__Token=dev-only-token - - VaultSettings__TimeoutSeconds=30 - - VaultSettings__SecretEngine=secret - - VaultSettings__EnableRetry=true - - VaultSettings__MaxRetryAttempts=3 - ConnectionStrings__TREPostgresConnection=Server=${TRE_DATA_SERVER};Port=${TRE_DATA_PORT};Database=${TRE_DATA_DATABASE};Include Error Detail=true;User Id=${TRE_DATA_USER};Password=${TRE_DATA_PASSWORD}; ###################################################### diff --git a/AllInOne/vault.env b/AllInOne/vault.env new file mode 100644 index 0000000..b89d556 --- /dev/null +++ b/AllInOne/vault.env @@ -0,0 +1,6 @@ +VaultSettings__BaseUrl=http://vault:8200 +VaultSettings__Token=dev-only-token +VaultSettings__TimeoutSeconds=30 +VaultSettings__SecretEngine=secret +VaultSettings__EnableRetry=true +VaultSettings__MaxRetryAttempts=3 From 5ef9e832019e29137f2737501a070f750441bbe2 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Thu, 12 Feb 2026 09:26:36 +0000 Subject: [PATCH 30/41] Move ldap config to own file --- AllInOne/ldap.env | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 AllInOne/ldap.env diff --git a/AllInOne/ldap.env b/AllInOne/ldap.env new file mode 100644 index 0000000..12ec767 --- /dev/null +++ b/AllInOne/ldap.env @@ -0,0 +1,8 @@ +# LDAP settings +LdapSettings__Host=openldap +LdapSettings__Port=389 +LdapSettings__AdminDn=cn=admin,dc=camundaephemeral,dc=local +LdapSettings__AdminPassword=admin +LdapSettings__BaseDn=dc=camundaephemeral,dc=local +LdapSettings__UserOu=ou=Users +LdapSettings__UseSSL=false From 02f79a335ccf2bf84e85268da202b3defff3c027 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 14:53:29 +0000 Subject: [PATCH 31/41] Centralise minio config --- AllInOne/creds.env | 8 +++---- AllInOne/docker-compose.yml | 44 +++++++++---------------------------- AllInOne/internal.env | 15 +++---------- AllInOne/minio.env | 23 +++++++++++++++++++ AllInOne/routes.env | 2 +- 5 files changed, 41 insertions(+), 51 deletions(-) create mode 100644 AllInOne/minio.env diff --git a/AllInOne/creds.env b/AllInOne/creds.env index a8c2d03..7864572 100644 --- a/AllInOne/creds.env +++ b/AllInOne/creds.env @@ -4,10 +4,10 @@ PGPASSWORD=admin TRE_DATA_USER=admin TRE_DATA_PASSWORD=admin -MinioRootUser=minio -MinioRootPass=minio123 +MinioTRESettings__AccessKey=minio +MinioTRESettings__SecretKey=minio123 -TreMinioAdminUser=minio -TreMinioAdminPassword=minio123 +MinioSettings__AccessKey=minio +MinioSettings__SecretKey=minio123 DemoModeDefaultP=password123 \ No newline at end of file diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index ce753c0..f164e7e 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -5,6 +5,7 @@ x-environment: &environment - routes.env - user.env - vault.env + - minio.env name: AllInOne @@ -66,19 +67,6 @@ services: - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - - - - MinioTRESettings__Url=http://minioTRE:9000 - - MinioTRESettings__AccessKey=${TreMinioAdminUser} - - MinioTRESettings__SecretKey=${TreMinioAdminPassword} - - MinioTRESettings__AdminConsole=http://minioTRE:9001 - - MinioSubSettings__Url=${submissionMinioUrl} - - MinioSubSettings__AccessKey=${MinioRootUser} - - MinioSubSettings__SecretKey=${MinioRootPass} - - MinioSubSettings__AdminConsole=${submissionMinioAdminConsole} - - MinioSubSettings__BucketName=testbucket - - MinioSubSettings__AWSRegion=us-east-1 - - MinioTRESettings__AWSRegion=us-east-1 - CredentialAPISettings__StartWebhookUrl=${CredentialAPISettingsStartWebhookUrl} - CredentialAPISettings__RevokeWebhookUrl=${CredentialAPISettingsRevokeWebhookUrl} - DmnFilePath=app/ProcessModels @@ -110,7 +98,7 @@ services: environment: - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - MinioSettings__Url=http://localhost:9003 + - MinioSettings__Url=${MinioTRESettings__AdminConsole} DataEgressAPI: <<: *environment @@ -134,11 +122,8 @@ services: - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - MinioSettings__Url=http://minioTRE:9000 - - MinioSettings__AccessKey=${TreMinioAdminUser} - - MinioSettings__SecretKey=${TreMinioAdminPassword} - - MinioSettings__BucketName=testbucket - - MinioSettings__AdminConsole=http://minioIn:9001 + - MinioSettings__Url=${MinioTRESettings__Url} + - MinioSettings__AdminConsole=${MinioTRESettings__AdminConsole} - TreAPISettings__Address=http://treapi:8080 @@ -166,8 +151,6 @@ services: - FormIOSettings__UseInternal=true - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - - URLSettingsFrontEnd__QueryImage=${URLSettingsFrontEndQueryImage} - - URLSettingsFrontEnd__MinioUrl=${URLSettingsFrontEndMinioUrl} submissionAPI: <<: *environment @@ -198,11 +181,8 @@ services: condition: service_healthy environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - - MinioSettings__Url=http://minioSubmission:9000 - - MinioSettings__AccessKey=${MinioRootUser} - - MinioSettings__SecretKey=${MinioRootPass} - - MinioSettings__BucketName=testbucket - - MinioSettings__AdminConsole=http://minioSubmission:9001 + - MinioSettings__Url=${MinioSubSettings__URL} + - MinioSettings__AdminConsole=${MinioSubSettings__AdminConsole} - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} - SubmissionKeyCloakSettings__BypassProxy=minioSubmission,seq @@ -366,15 +346,13 @@ services: keycloak: condition: service_healthy environment: - - MINIO_ROOT_USER=${MinioRootUser} - - MINIO_ROOT_PASSWORD=${MinioRootPass} + - MINIO_ROOT_USER=${MinioSettings__AccessKey} + - MINIO_ROOT_PASSWORD=${MinioSettings__SecretKey} - MINIO_BROWSER_REDIRECT_URL=http://localhost:9001 - MINIO_SERVER_URL=http://localhost:9000 - MINIO_IDENTITY_OPENID_CONFIG_URL=${MinioIdentityConfigURL} - MINIO_IDENTITY_OPENID_CLIENT_ID=${MinioIdentityID} - MINIO_IDENTITY_OPENID_CLIENT_SECRET=${MinioOpenidSecret} - - MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER - - MINIO_IDENTITY_OPENID_SCOPES=openid - MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=off networks: - sub-net @@ -407,14 +385,12 @@ services: restart: always command: server /data --console-address ":9001" environment: - - MINIO_ROOT_USER=${MinioRootUser} - - MINIO_ROOT_PASSWORD=${MinioRootPass} + - MINIO_ROOT_USER=${MinioTRESettings__AccessKey} + - MINIO_ROOT_PASSWORD=${MinioTRESettings__SecretKey} - MINIO_BROWSER_REDIRECT_URL=http://localhost:9003 - MINIO_IDENTITY_OPENID_CONFIG_URL=${MinioTreIdentityConfigURL} - MINIO_IDENTITY_OPENID_CLIENT_ID=${MinioTreIdentityID} - MINIO_IDENTITY_OPENID_CLIENT_SECRET=${MinioTreOpenidSecret} - - MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER - - MINIO_IDENTITY_OPENID_SCOPES=openid - MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=on networks: - sub-net diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 58a3cde..5afb147 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -2,7 +2,7 @@ ### This file contains config which users *should not edit* without good reason ### This file will be maintained by the developers -# -------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # TRE Settings # TRE DB Credentials @@ -35,13 +35,6 @@ CredentialAPISettingsStartWebhookUrl=http://connectors:8080/inbound/StartCredent CredentialAPISettingsRevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials -MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1 -MinioIdentityID=Dare-Control-Minio -MinioIdentityConfigURL=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -MinioTreOpenidSecret=71ee3de3-0e0c-49c8-a0b2-c0e490c90591 -MinioTreIdentityID=Dare-TRE-Minio -MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration - # Output bucket prefix for the TES executing agent to write results to AgentSettings__TESKOutputBucketPrefix=s3:// @@ -54,8 +47,6 @@ JobSettings__syncSchedule=2 EnableExternalHangfire=false -submissionMinioUrl=http://minioSubmission:9000 -submissionMinioAdminConsole=http://minioSubmission:9001 # DataEgress KeyCloak settings DataEgressKeyCloakSettings__Authority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration @@ -101,7 +92,7 @@ TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/o TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI -URLSettingsFrontEndQueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 +URLSettingsFrontEnd__QueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 SubmissionKeyCloakSettings__SignedOutRedirectUri=/ SubmissionKeyCloakSettings__TokenRefreshSeconds=3600 @@ -120,4 +111,4 @@ RabbitMQ__HostAddress=rabbitmq ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; DareAPISettings__Address=http://submissionAPI:8080 -DataEgressAPISettings__Address=http://DataEgressAPI:8080 \ No newline at end of file +DataEgressAPISettings__Address=http://DataEgressAPI:8080 diff --git a/AllInOne/minio.env b/AllInOne/minio.env new file mode 100644 index 0000000..bb4c8af --- /dev/null +++ b/AllInOne/minio.env @@ -0,0 +1,23 @@ +MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1 +MinioIdentityIDURL=Dare-Control-Minio +MinioIdentityConfigURL=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration +MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER +MINIO_IDENTITY_OPENID_SCOPES=openid + + +MinioTreOpenidSecret=71ee3de3-0e0c-49c8-a0b2-c0e490c90591 +MinioTreIdentityID=Dare-TRE-Minio +MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration + +MinioTRESettings__Url=http://minioTRE:9000 +MinioTRESettings__AdminConsole=http://minioTRE:9001 +MinioTRESettings__AWSRegion=us-east-1 + +MinioSubSettings__Url=http://minioSubmission:9000 +MinioSubSettings__AdminConsole=http://minioSubmission:9001 +MinioSubSettings__BucketName=testbucket +MinioSubSettings__AWSRegion=us-east-1 + +MinioSettings__BucketName=testbucket + +# 9003 = minioTRE diff --git a/AllInOne/routes.env b/AllInOne/routes.env index fab0600..db67ee1 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -34,4 +34,4 @@ TreKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfte # TRE API config TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired -URLSettingsFrontEndMinioUrl=localhost:9001 +URLSettingsFrontEnd__MinioUrl=localhost:9001 \ No newline at end of file From 2ad294710f0211cbb2b3794dadb8812f39919de0 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 15:31:57 +0000 Subject: [PATCH 32/41] Rearrange internal for greater readability --- AllInOne/internal.env | 151 +++++++++++++++++++++++++----------------- 1 file changed, 91 insertions(+), 60 deletions(-) diff --git a/AllInOne/internal.env b/AllInOne/internal.env index 5afb147..e3290a8 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -2,53 +2,95 @@ ### This file contains config which users *should not edit* without good reason ### This file will be maintained by the developers -# ------------------------------------------------------------------------------ -# TRE Settings +# ============================================================================== +# Core Infrastructure +# ============================================================================== -# TRE DB Credentials TRE_DATA_SERVER=postgres TRE_DATA_PORT=5432 TRE_DATA_DATABASE=tredata -# TRE UI settings +ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; + +RabbitMQ__HostAddress=rabbitmq + +CAMUNDA_VERSION=8.8.0 +CAMUNDA_BUNDLE_VERSION=8.8.1 +ELASTIC_VERSION=8.17.5 + +URLSettingsFrontEnd__QueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 + + +# ============================================================================== +# TRE API & UI +# ============================================================================== + TreAPISettings__InternalApiBaseUrl=http://treAPI:8080 TreAPISettings__PublicApiBaseUrl=http://localhost:8072 -Serilog__SeqServerUrl=http://seq:5341 -# TRE KeyCloak settings +TreAPIKeyCloakUseRedirect=false +TreAPIKeyCloakSecret=e9021a57-3f4f-4254-ba27-2cdbb99a2cb5 +TreAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE +TreAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration +TreAPIKeyCloakClientId=Dare-TRE-API +TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration +TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account +TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI + + +# ============================================================================== +# TRE Keycloak Settings +# ============================================================================== + TreKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration TreKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuratio -TreKeyCloakSettings__ClientId=Dare-TRE-UI TreKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-TRE +TreKeyCloakSettings__ClientId=Dare-TRE-UI TreKeyCloakSettings__ClientSecret=2de114bc-3599-45f1-9b61-5090c6859dfe TreKeyCloakSettings__ValidAudiences=Dare-TRE-API,Dare-TRE-UI TreKeyCloakSettings__AccountManagementURL=http://localhost:8085/realms/Dare-TRE/account TreKeyCloakSettings__BypassProxy="treAPI,seq-tre" TreKeyCloakSettings__UseRedirectURL=false -# CAMUNDA env var -CAMUNDA_VERSION=8.8.0 -CAMUNDA_BUNDLE_VERSION=8.8.1 -ELASTIC_VERSION=8.17.5 +KeyCloakUseRedirect=false -CredentialAPISettingsStartWebhookUrl=http://connectors:8080/inbound/StartCredentials -CredentialAPISettingsRevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials +# ============================================================================== +# Submission API & UI +# ============================================================================== -# Output bucket prefix for the TES executing agent to write results to -AgentSettings__TESKOutputBucketPrefix=s3:// +DareAPISettings__Address=http://submissionAPI:8080 -Hutch__DbServer=theserver -Hutch__DbName=theDb -Hutch__DbPort=24 +SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account +SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control +SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 +SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration +SubmissionUIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/ -JobSettings__scanSchedule=1 -JobSettings__syncSchedule=2 +SubmissionKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration +SubmissionKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration +SubmissionKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-Control +SubmissionKeyCloakSettings__ClientId=Dare-Control-API +SubmissionKeyCloakSettings__ClientSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 +SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio +SubmissionKeyCloakSettings__BypassProxy="submissionAPI,seq-tre" +SubmissionKeyCloakSettings__UseRedirectURL=false +SubmissionKeyCloakSettings__SignedOutRedirectUri=/ +SubmissionKeyCloakSettings__TokenRefreshSeconds=3600 +SubmissionKeyCloakSettings__Server=keycloak:8080 +SubmissionKeyCloakSettings__Protocol=http +SubmissionKeyCloakSettings__Realm=Dare-Control +SubmissionKeyCloakSettings__AutoTrustKeycloakCert=false +SubmissionKeyCloakSettings__ValidIssuer= +SubmissionKeyCloakSettings__ValidAudience= -EnableExternalHangfire=false +# ============================================================================== +# Data Egress +# ============================================================================== + +DataEgressAPISettings__Address=http://DataEgressAPI:8080 -# DataEgress KeyCloak settings DataEgressKeyCloakSettings__Authority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration DataEgressKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration DataEgressKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Data-Egress @@ -58,57 +100,46 @@ DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API DataEgressKeyCloakSettings__UseRedirectURL=false DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre" -SubmissionKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-Control -SubmissionKeyCloakSettings__ClientId=Dare-Control-API -SubmissionKeyCloakSettings__ClientSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5 -SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio -SubmissionKeyCloakSettings__BypassProxy="submissionAPI,seq-tre" -SubmissionKeyCloakSettings__UseRedirectURL=false +# ============================================================================== +# Credential API +# ============================================================================== +CredentialAPISettingsStartWebhookUrl=http://connectors:8080/inbound/StartCredentials +CredentialAPISettingsRevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials +# ============================================================================== +# Agent / TES Execution +# ============================================================================== +AgentSettings__TESKOutputBucketPrefix=s3:// +AgentSettings__UseTESK=false +AgentSettings__UseRabbit=false +AgentSettings__TESKAPIURL= -SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account -SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control +# ============================================================================== +# Hutch +# ============================================================================== +Hutch__DbServer=theserver +Hutch__DbName=theDb +Hutch__DbPort=24 -KeyCloakUseRedirect=false -SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 -SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration -SubmissionUIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/ +# ============================================================================== +# Jobs & Scheduling +# ============================================================================== -TreAPIKeyCloakUseRedirect=false -TreAPIKeyCloakSecret=e9021a57-3f4f-4254-ba27-2cdbb99a2cb5 -TreAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE -TreAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreAPIKeyCloakClientId=Dare-TRE-API -TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration -TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account -TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI +JobSettings__scanSchedule=1 +JobSettings__syncSchedule=2 +EnableExternalHangfire=false -URLSettingsFrontEnd__QueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1 -SubmissionKeyCloakSettings__SignedOutRedirectUri=/ -SubmissionKeyCloakSettings__TokenRefreshSeconds=3600 -SubmissionKeyCloakSettings__Server=keycloak:8080 -SubmissionKeyCloakSettings__Protocol=http -SubmissionKeyCloakSettings__Realm=Dare-Control -SubmissionKeyCloakSettings__AutoTrustKeycloakCert=false -SubmissionKeyCloakSettings__ValidIssuer= -SubmissionKeyCloakSettings__ValidAudience= -#SubmissionAPIKeyCloakUseRedirect=false -#SubmissionAPIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9 +# ============================================================================== +# Logging +# ============================================================================== Serilog__SeqServerUrl=http://seq:5341 -RabbitMQ__HostAddress=rabbitmq - -ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; -DareAPISettings__Address=http://submissionAPI:8080 -DataEgressAPISettings__Address=http://DataEgressAPI:8080 From 0f7ed4d0178b7f60742acd96869eaed6fffcbcd1 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 15:32:15 +0000 Subject: [PATCH 33/41] Move zeebe config --- AllInOne/docker-compose.yml | 15 +-------------- AllInOne/user.env | 7 +------ AllInOne/zeebee.env | 6 ++++++ 3 files changed, 8 insertions(+), 20 deletions(-) create mode 100644 AllInOne/zeebee.env diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index f164e7e..260032c 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -6,6 +6,7 @@ x-environment: &environment - user.env - vault.env - minio.env + - zeebee.env name: AllInOne @@ -72,13 +73,6 @@ services: - DmnFilePath=app/ProcessModels - TreUISettings__Address=http://localhost:8989 - TreAPISettings__Address=http://localhost:8072 - # Zeebe settings - - ZeebeBootstrap__Client__GatewayAddress=orchestration:26500 - - ZeebeBootstrap__Worker__MaxJobsActive=5 - - ZeebeBootstrap__Worker__TimeoutInMilliseconds=500 - - ZeebeBootstrap__Worker__PollIntervalInMilliseconds=50 - - ZeebeBootstrap__Worker__PollingTimeoutInMilliseconds=1000 - - ZeebeBootstrap__Worker__RetryTimeoutInMilliseconds=1000 ###################################################### # DataEgress LAYER @@ -210,13 +204,6 @@ services: - Logging__LogLevel__Default=Information - Logging__LogLevel__Microsoft.AspNetCore=Warning - AllowedHosts=* - # Zeebe Bootstrap settings - - ZeebeBootstrap__Client__GatewayAddress=orchestration:26500 - - ZeebeBootstrap__Worker__MaxJobsActive=5 - - ZeebeBootstrap__Worker__TimeoutInMilliseconds=500 - - ZeebeBootstrap__Worker__PollIntervalInMilliseconds=50 - - ZeebeBootstrap__Worker__PollingTimeoutInMilliseconds=1000 - - ZeebeBootstrap__Worker__RetryTimeoutInMilliseconds=1000 - ConnectionStrings__TREPostgresConnection=Server=${TRE_DATA_SERVER};Port=${TRE_DATA_PORT};Database=${TRE_DATA_DATABASE};Include Error Detail=true;User Id=${TRE_DATA_USER};Password=${TRE_DATA_PASSWORD}; ###################################################### diff --git a/AllInOne/user.env b/AllInOne/user.env index a46c852..859e88a 100644 --- a/AllInOne/user.env +++ b/AllInOne/user.env @@ -21,9 +21,4 @@ proxyurl=http://192.168.10.15:8080 #If having issues with keycloak set this to false. sslcookies=false #If http only site set this to false -httpsRedirect=false - -# Task execution optoins -AgentSettings__UseTESK=false -AgentSettings__UseRabbit=false -AgentSettings__TESKAPIURL= +httpsRedirect=false \ No newline at end of file diff --git a/AllInOne/zeebee.env b/AllInOne/zeebee.env new file mode 100644 index 0000000..d9df65e --- /dev/null +++ b/AllInOne/zeebee.env @@ -0,0 +1,6 @@ +ZeebeBootstrap__Client__GatewayAddress=orchestration:26500 +ZeebeBootstrap__Worker__MaxJobsActive=5 +ZeebeBootstrap__Worker__TimeoutInMilliseconds=500 +ZeebeBootstrap__Worker__PollIntervalInMilliseconds=50 +ZeebeBootstrap__Worker__PollingTimeoutInMilliseconds=1000 +ZeebeBootstrap__Worker__RetryTimeoutInMilliseconds=1000 From 27100a011f9d4e1458b9a275ffd1e7da99c18a6d Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 15:48:22 +0000 Subject: [PATCH 34/41] Move postgres creds and config --- AllInOne/creds.env | 4 ++-- AllInOne/docker-compose.yml | 30 +++++++++++++++++------------- AllInOne/minio.env | 10 ++++------ AllInOne/postgres.env | 1 + 4 files changed, 24 insertions(+), 21 deletions(-) create mode 100644 AllInOne/postgres.env diff --git a/AllInOne/creds.env b/AllInOne/creds.env index 7864572..7bff04f 100644 --- a/AllInOne/creds.env +++ b/AllInOne/creds.env @@ -1,5 +1,5 @@ -PGLOGIN=admin -PGPASSWORD=admin +POSTGRES_USER=admin +POSTGRES_PASSWORD=admin TRE_DATA_USER=admin TRE_DATA_PASSWORD=admin diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 260032c..26eb9a9 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -57,10 +57,12 @@ services: condition: service_healthy orchestration: condition: service_healthy + env_file: + - creds.env environment: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; + - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - TreKeyCloakSettings__TokenExpiredAddress= @@ -110,8 +112,10 @@ services: condition: service_healthy keycloak: condition: service_healthy + env_file: + - creds.env environment: - - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; + - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - DataEgressKeyCloakSettings__Proxy=${useproxy} @@ -173,8 +177,10 @@ services: condition: service_healthy minioSubmission: condition: service_healthy + env_file: + - creds.env environment: - - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; + - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - MinioSettings__Url=${MinioSubSettings__URL} - MinioSettings__AdminConsole=${MinioSubSettings__AdminConsole} - SubmissionKeyCloakSettings__Proxy=${useproxy} @@ -210,14 +216,15 @@ services: # Keycloak ###################################################### keycloak: - <<: *environment image: quay.io/keycloak/keycloak:26.0 container_name: keycloak + env_file: + - creds.env environment: KC_DB: postgres KC_DB_URL: jdbc:postgresql://postgres/keycloak - KC_DB_USERNAME: ${PGLOGIN} - KC_DB_PASSWORD: ${PGPASSWORD} + KC_DB_USERNAME: ${POSTGRES_USER} + KC_DB_PASSWORD: ${POSTGRES_PASSWORD} KC_HOSTNAME: http://localhost:8085 KC_HOSTNAME_PORT: 8085 KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true @@ -258,14 +265,12 @@ services: # POSTGRES ###################################################### postgresql: - <<: *environment image: postgres:17 container_name: postgres restart: always - environment: - - POSTGRES_USER=${PGLOGIN} - - POSTGRES_PASSWORD=${PGPASSWORD} - - POSTGRES_DB=DARE-Control + env_file: + - creds.env + - postgres.env networks: - sub-net ports: @@ -274,7 +279,7 @@ services: - "postgresql_data:/var/lib/postgresql/data" - ./init.sql:/docker-entrypoint-initdb.d/init.sql healthcheck: - test: ["CMD-SHELL", "pg_isready -q -U ${PGLOGIN} -d keycloak"] + test: ["CMD-SHELL", "pg_isready -q -U ${POSTGRES_USER} -d keycloak"] adminer: <<: *environment @@ -302,7 +307,6 @@ services: ###################################################### rabbitmq: - <<: *environment image: rabbitmq:3-management-alpine container_name: "rabbitmq" hostname: rabbitmq diff --git a/AllInOne/minio.env b/AllInOne/minio.env index bb4c8af..ac5b876 100644 --- a/AllInOne/minio.env +++ b/AllInOne/minio.env @@ -1,9 +1,9 @@ -MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1 -MinioIdentityIDURL=Dare-Control-Minio -MinioIdentityConfigURL=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER MINIO_IDENTITY_OPENID_SCOPES=openid +MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1 +MinioIdentityIDURL=Dare-Control-Minio +MinioIdentityConfigURL=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration MinioTreOpenidSecret=71ee3de3-0e0c-49c8-a0b2-c0e490c90591 MinioTreIdentityID=Dare-TRE-Minio @@ -18,6 +18,4 @@ MinioSubSettings__AdminConsole=http://minioSubmission:9001 MinioSubSettings__BucketName=testbucket MinioSubSettings__AWSRegion=us-east-1 -MinioSettings__BucketName=testbucket - -# 9003 = minioTRE +MinioSettings__BucketName=testbucket \ No newline at end of file diff --git a/AllInOne/postgres.env b/AllInOne/postgres.env new file mode 100644 index 0000000..fb43cfd --- /dev/null +++ b/AllInOne/postgres.env @@ -0,0 +1 @@ +POSTGRES_DB=DARE-Control From e766dc7d2b710abe747ba41ee21ba22f30b4315d Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 15:49:11 +0000 Subject: [PATCH 35/41] Change my mind about postgres file --- AllInOne/docker-compose.yml | 3 ++- AllInOne/postgres.env | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 AllInOne/postgres.env diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 26eb9a9..4a6690d 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -270,7 +270,8 @@ services: restart: always env_file: - creds.env - - postgres.env + environment: + - POSTGRES_DB=DARE-Control networks: - sub-net ports: diff --git a/AllInOne/postgres.env b/AllInOne/postgres.env deleted file mode 100644 index fb43cfd..0000000 --- a/AllInOne/postgres.env +++ /dev/null @@ -1 +0,0 @@ -POSTGRES_DB=DARE-Control From ae67a5bdf3b9aaf6770ec248df3ef22cbb8b2209 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 15:51:11 +0000 Subject: [PATCH 36/41] Align adminer and postgres --- AllInOne/docker-compose.yml | 8 ++++---- AllInOne/postgres.env | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 AllInOne/postgres.env diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 4a6690d..ed56a5d 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -270,8 +270,7 @@ services: restart: always env_file: - creds.env - environment: - - POSTGRES_DB=DARE-Control + - postgres.env networks: - sub-net ports: @@ -283,17 +282,18 @@ services: test: ["CMD-SHELL", "pg_isready -q -U ${POSTGRES_USER} -d keycloak"] adminer: - <<: *environment image: adminer restart: always networks: - sub-net ports: - 8087:8080 + env_file: + - postgres.env environment: - ADMINER_DEFAULT_DB_DRIVER=psql - ADMINER_DEFAULT_DB_HOST=postgres - - ADMINER_DEFAULT_DB_NAME=postgres + - ADMINER_DEFAULT_DB_NAME=${POSTGRES_DB} depends_on: postgresql: condition: service_healthy diff --git a/AllInOne/postgres.env b/AllInOne/postgres.env new file mode 100644 index 0000000..0b740b1 --- /dev/null +++ b/AllInOne/postgres.env @@ -0,0 +1 @@ +POSTGRES_DB=DARE-Control \ No newline at end of file From c5e7e5d8089e3241f4717b03057ad136cec05da0 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 16:29:00 +0000 Subject: [PATCH 37/41] Ensure environment is not passed to services that don't want it, move some creds to creds --- AllInOne/creds.env | 5 ++++- AllInOne/docker-compose.yml | 24 +++++++++++------------- AllInOne/internal.env | 2 -- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/AllInOne/creds.env b/AllInOne/creds.env index 7bff04f..44aea3d 100644 --- a/AllInOne/creds.env +++ b/AllInOne/creds.env @@ -10,4 +10,7 @@ MinioTRESettings__SecretKey=minio123 MinioSettings__AccessKey=minio MinioSettings__SecretKey=minio123 -DemoModeDefaultP=password123 \ No newline at end of file +DemoModeDefaultP=password123 + +LDAP_ADMIN_PASSWORD: "admin" +LDAP_CONFIG_PASSWORD: "config" diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index ed56a5d..69ef33e 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -329,7 +329,6 @@ services: # MINIO ###################################################### minioSubmission: - <<: *environment image: coollabsio/minio:RELEASE.2025-04-22T22-12-26Z container_name: minioSubmission restart: always @@ -337,6 +336,9 @@ services: depends_on: keycloak: condition: service_healthy + env_file: + - creds.env + - minio.env environment: - MINIO_ROOT_USER=${MinioSettings__AccessKey} - MINIO_ROOT_PASSWORD=${MinioSettings__SecretKey} @@ -365,7 +367,6 @@ services: start_period: 30s minioTRE: - <<: *environment image: coollabsio/minio:RELEASE.2025-04-22T22-12-26Z mem_limit: 512M mem_reservation: 256M @@ -376,6 +377,9 @@ services: container_name: minioTRE restart: always command: server /data --console-address ":9001" + env_file: + - creds.env + - minio.env environment: - MINIO_ROOT_USER=${MinioTRESettings__AccessKey} - MINIO_ROOT_PASSWORD=${MinioTRESettings__SecretKey} @@ -405,7 +409,6 @@ services: # SEQ / Serilog ###################################################### seq: - <<: *environment image: datalust/seq:2025.1.14095 container_name: seq restart: always @@ -423,7 +426,6 @@ services: ###################################################### orchestration: # Consolidated Zeebe + Operate + Tasklist - https://docs.camunda.io/docs/self-managed/setup/deploy/other/docker/#zeebe - <<: *environment image: camunda/camunda:${CAMUNDA_VERSION} container_name: orchestration ports: @@ -457,7 +459,6 @@ services: # Camunda Connectors - executes outbound and inbound connector logic # Docs: https://docs.camunda.io/docs/self-managed/connectors-deployment/connectors-configuration/ connectors: - <<: *environment image: camunda/connectors-bundle:${CAMUNDA_BUNDLE_VERSION} container_name: connectors ports: @@ -486,7 +487,6 @@ services: condition: service_healthy elasticsearch: # https://hub.docker.com/_/elasticsearch - <<: *environment image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} container_name: elasticsearch ports: @@ -520,7 +520,6 @@ services: # VAULT ###################################################### vault: - <<: *environment image: hashicorp/vault:latest container_name: vault mem_limit: 512M @@ -529,8 +528,10 @@ services: restart: always ports: - "8200:8200" + env_file: + - vault.env environment: - - VAULT_DEV_ROOT_TOKEN_ID=dev-only-token + - VAULT_DEV_ROOT_TOKEN_ID=${VaultSettings__Token} - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 - VAULT_ADDR=http://127.0.0.1:8200 volumes: @@ -553,15 +554,14 @@ services: # OPENLDAP ###################################################### openldap: - <<: *environment image: osixia/openldap:1.5.0 container_name: openldap + env_file: + - creds.env environment: LDAP_LOG_LEVEL: "256" LDAP_ORGANISATION: "TRE Ephemeral Credentials" LDAP_DOMAIN: "camundaephemeral.local" - LDAP_ADMIN_PASSWORD: "admin" - LDAP_CONFIG_PASSWORD: "config" LDAP_TLS: "false" LDAP_ADD_LDIF_URL: "file:///container/service/slapd/assets/init.ldif" volumes: @@ -590,7 +590,6 @@ services: ## Ldap initialisation to create Users OU ## ldap-init: - <<: *environment image: osixia/openldap:1.5.0 networks: - sub-net @@ -609,7 +608,6 @@ services: - ./ldap-init/init.ldif:/container/service/slapd/assets/init.ldif phpldapadmin: - <<: *environment image: osixia/phpldapadmin:latest container_name: phpldapadmin networks: diff --git a/AllInOne/internal.env b/AllInOne/internal.env index e3290a8..52ac510 100644 --- a/AllInOne/internal.env +++ b/AllInOne/internal.env @@ -10,8 +10,6 @@ TRE_DATA_SERVER=postgres TRE_DATA_PORT=5432 TRE_DATA_DATABASE=tredata -ConnectionStrings__CredentialsConnection=Server=postgres;Port=5432;Database=TRE_Credentials;Include Error Detail=true;User Id=${PGLOGIN};Password=${PGPASSWORD};TrustServerCertificate=True; - RabbitMQ__HostAddress=rabbitmq CAMUNDA_VERSION=8.8.0 From 54a3bd07f307db2d7a740eee6b353ba848fbfab9 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Mon, 16 Feb 2026 16:45:06 +0000 Subject: [PATCH 38/41] Move some keycloak config out --- AllInOne/creds.env | 3 +++ AllInOne/docker-compose.yml | 6 +----- AllInOne/routes.env | 5 ++++- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/AllInOne/creds.env b/AllInOne/creds.env index 44aea3d..37c3d1c 100644 --- a/AllInOne/creds.env +++ b/AllInOne/creds.env @@ -14,3 +14,6 @@ DemoModeDefaultP=password123 LDAP_ADMIN_PASSWORD: "admin" LDAP_CONFIG_PASSWORD: "config" + +KC_BOOTSTRAP_ADMIN_USERNAME: admin +KC_BOOTSTRAP_ADMIN_PASSWORD: admin diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 69ef33e..4243d7a 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -222,7 +222,7 @@ services: - creds.env environment: KC_DB: postgres - KC_DB_URL: jdbc:postgresql://postgres/keycloak + KC_DB_URL: jdbc:postgresql://${POSTGRES_DB}/keycloak KC_DB_USERNAME: ${POSTGRES_USER} KC_DB_PASSWORD: ${POSTGRES_PASSWORD} KC_HOSTNAME: http://localhost:8085 @@ -230,15 +230,11 @@ services: KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true #KC_HOSTNAME_STRICT: false #KC_HOSTNAME_STRICT_HTTPS: false - KEYCLOAK_FRONTEND_URL: http://localhost:8085/auth KC_LOG_LEVEL: info KC_METRICS_ENABLED: true KC_HEALTH_ENABLED: true KEYCLOAK_HEALTH_ENABLED: true KEYCLOAK_METRICS_ENABLED: true - # Admin credentials - KC_BOOTSTRAP_ADMIN_USERNAME: admin - KC_BOOTSTRAP_ADMIN_PASSWORD: admin networks: - sub-net command: start-dev --import-realm #--verbose diff --git a/AllInOne/routes.env b/AllInOne/routes.env index db67ee1..53492f5 100644 --- a/AllInOne/routes.env +++ b/AllInOne/routes.env @@ -34,4 +34,7 @@ TreKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfte # TRE API config TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired -URLSettingsFrontEnd__MinioUrl=localhost:9001 \ No newline at end of file +URLSettingsFrontEnd__MinioUrl=localhost:9001 + +# Keycloak UI +KEYCLOAK_FRONTEND_URL: http://localhost:8085/auth \ No newline at end of file From c1401129b596fe0ae240126de6bc53d2ec394e22 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Tue, 17 Feb 2026 11:20:21 +0000 Subject: [PATCH 39/41] Move config files into subdirectory --- AllInOne/{ => config}/creds.env | 0 AllInOne/{ => config}/internal.env | 0 AllInOne/{ => config}/ldap.env | 0 AllInOne/{ => config}/minio.env | 0 AllInOne/{ => config}/postgres.env | 0 AllInOne/{ => config}/routes.env | 0 AllInOne/{ => config}/user.env | 0 AllInOne/{ => config}/vault.env | 0 AllInOne/{ => config}/zeebee.env | 0 AllInOne/docker-compose.yml | 40 +++++++++++++++--------------- 10 files changed, 20 insertions(+), 20 deletions(-) rename AllInOne/{ => config}/creds.env (100%) rename AllInOne/{ => config}/internal.env (100%) rename AllInOne/{ => config}/ldap.env (100%) rename AllInOne/{ => config}/minio.env (100%) rename AllInOne/{ => config}/postgres.env (100%) rename AllInOne/{ => config}/routes.env (100%) rename AllInOne/{ => config}/user.env (100%) rename AllInOne/{ => config}/vault.env (100%) rename AllInOne/{ => config}/zeebee.env (100%) diff --git a/AllInOne/creds.env b/AllInOne/config/creds.env similarity index 100% rename from AllInOne/creds.env rename to AllInOne/config/creds.env diff --git a/AllInOne/internal.env b/AllInOne/config/internal.env similarity index 100% rename from AllInOne/internal.env rename to AllInOne/config/internal.env diff --git a/AllInOne/ldap.env b/AllInOne/config/ldap.env similarity index 100% rename from AllInOne/ldap.env rename to AllInOne/config/ldap.env diff --git a/AllInOne/minio.env b/AllInOne/config/minio.env similarity index 100% rename from AllInOne/minio.env rename to AllInOne/config/minio.env diff --git a/AllInOne/postgres.env b/AllInOne/config/postgres.env similarity index 100% rename from AllInOne/postgres.env rename to AllInOne/config/postgres.env diff --git a/AllInOne/routes.env b/AllInOne/config/routes.env similarity index 100% rename from AllInOne/routes.env rename to AllInOne/config/routes.env diff --git a/AllInOne/user.env b/AllInOne/config/user.env similarity index 100% rename from AllInOne/user.env rename to AllInOne/config/user.env diff --git a/AllInOne/vault.env b/AllInOne/config/vault.env similarity index 100% rename from AllInOne/vault.env rename to AllInOne/config/vault.env diff --git a/AllInOne/zeebee.env b/AllInOne/config/zeebee.env similarity index 100% rename from AllInOne/zeebee.env rename to AllInOne/config/zeebee.env diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 4243d7a..357fb85 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -1,12 +1,12 @@ x-environment: &environment env_file: - - creds.env - - internal.env - - routes.env - - user.env - - vault.env - - minio.env - - zeebee.env + - config/creds.env + - config/internal.env + - config/routes.env + - config/user.env + - config/vault.env + - config/minio.env + - config/zeebee.env name: AllInOne @@ -58,7 +58,7 @@ services: orchestration: condition: service_healthy env_file: - - creds.env + - config/creds.env environment: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true @@ -113,7 +113,7 @@ services: keycloak: condition: service_healthy env_file: - - creds.env + - config/creds.env environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Proxy=${useproxy} @@ -178,7 +178,7 @@ services: minioSubmission: condition: service_healthy env_file: - - creds.env + - config/creds.env environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - MinioSettings__Url=${MinioSubSettings__URL} @@ -219,7 +219,7 @@ services: image: quay.io/keycloak/keycloak:26.0 container_name: keycloak env_file: - - creds.env + - config/creds.env environment: KC_DB: postgres KC_DB_URL: jdbc:postgresql://${POSTGRES_DB}/keycloak @@ -265,8 +265,8 @@ services: container_name: postgres restart: always env_file: - - creds.env - - postgres.env + - config/creds.env + - config/postgres.env networks: - sub-net ports: @@ -285,7 +285,7 @@ services: ports: - 8087:8080 env_file: - - postgres.env + - config/postgres.env environment: - ADMINER_DEFAULT_DB_DRIVER=psql - ADMINER_DEFAULT_DB_HOST=postgres @@ -333,8 +333,8 @@ services: keycloak: condition: service_healthy env_file: - - creds.env - - minio.env + - config/creds.env + - config/minio.env environment: - MINIO_ROOT_USER=${MinioSettings__AccessKey} - MINIO_ROOT_PASSWORD=${MinioSettings__SecretKey} @@ -374,8 +374,8 @@ services: restart: always command: server /data --console-address ":9001" env_file: - - creds.env - - minio.env + - config/creds.env + - config/minio.env environment: - MINIO_ROOT_USER=${MinioTRESettings__AccessKey} - MINIO_ROOT_PASSWORD=${MinioTRESettings__SecretKey} @@ -525,7 +525,7 @@ services: ports: - "8200:8200" env_file: - - vault.env + - config/vault.env environment: - VAULT_DEV_ROOT_TOKEN_ID=${VaultSettings__Token} - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 @@ -553,7 +553,7 @@ services: image: osixia/openldap:1.5.0 container_name: openldap env_file: - - creds.env + - config/creds.env environment: LDAP_LOG_LEVEL: "256" LDAP_ORGANISATION: "TRE Ephemeral Credentials" From 28de5f417590ab6bca573b750406864cd88d7c57 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Tue, 17 Feb 2026 12:34:37 +0000 Subject: [PATCH 40/41] Remove all env tag, apply each env file individually --- AllInOne/docker-compose.yml | 38 ++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 357fb85..4db7bed 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -1,13 +1,3 @@ -x-environment: &environment - env_file: - - config/creds.env - - config/internal.env - - config/routes.env - - config/user.env - - config/vault.env - - config/minio.env - - config/zeebee.env - name: AllInOne services: @@ -16,7 +6,6 @@ services: ###################################################### tre-ui: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-tre-ui:${dareVer} container_name: treUI restart: always @@ -26,6 +15,9 @@ services: - 8989:8080 depends_on: - tre-api + env_file: + - config/internal.env + - config/user.env environment: - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} @@ -59,6 +51,11 @@ services: condition: service_healthy env_file: - config/creds.env + - config/internal.env + - config/minio.env + - config/routes.env + - config/user.env + - config/vault.env environment: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true @@ -91,6 +88,10 @@ services: - 8100:8080 depends_on: - DataEgressAPI + env_file: + - config/internal.env + - config/minio.env + - config/user.env environment: - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} @@ -114,6 +115,9 @@ services: condition: service_healthy env_file: - config/creds.env + - config/internal.env + - config/minio.env + - config/user.env environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DATA-Egress;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - TreKeyCloakSettings__Proxy=${useproxy} @@ -143,6 +147,11 @@ services: - submissionAPI volumes: - data-protection:/root/.aspnet/DataProtection-Keys + env_file: + - config/creds.env + - config/internal.env + - config/minio.env + - config/user.env environment: - KeyCloakSettings__Proxy=false - DareAPISettings_HelpAddress=http://submissionAPI:8080 @@ -179,6 +188,9 @@ services: condition: service_healthy env_file: - config/creds.env + - config/internal.env + - config/minio.env + - config/user.env environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - MinioSettings__Url=${MinioSubSettings__URL} @@ -206,6 +218,10 @@ services: condition: service_healthy postgresql: condition: service_healthy + env_file: + - config/ldap.env + - config/vault.env + - config/zeebee.env environment: - Logging__LogLevel__Default=Information - Logging__LogLevel__Microsoft.AspNetCore=Warning From bc223d9da882ac475472bf2d89dec496c6a50d91 Mon Sep 17 00:00:00 2001 From: Oliver Woolland Date: Tue, 17 Feb 2026 13:58:37 +0000 Subject: [PATCH 41/41] A few small corrections caught on review --- AllInOne/config/creds.env | 8 ++++---- AllInOne/config/minio.env | 2 +- AllInOne/config/routes.env | 2 +- AllInOne/docker-compose.yml | 15 ++++++--------- 4 files changed, 12 insertions(+), 15 deletions(-) diff --git a/AllInOne/config/creds.env b/AllInOne/config/creds.env index 37c3d1c..b632618 100644 --- a/AllInOne/config/creds.env +++ b/AllInOne/config/creds.env @@ -12,8 +12,8 @@ MinioSettings__SecretKey=minio123 DemoModeDefaultP=password123 -LDAP_ADMIN_PASSWORD: "admin" -LDAP_CONFIG_PASSWORD: "config" +LDAP_ADMIN_PASSWORD="admin" +LDAP_CONFIG_PASSWORD="config" -KC_BOOTSTRAP_ADMIN_USERNAME: admin -KC_BOOTSTRAP_ADMIN_PASSWORD: admin +KC_BOOTSTRAP_ADMIN_USERNAME=admin +KC_BOOTSTRAP_ADMIN_PASSWORD=admin diff --git a/AllInOne/config/minio.env b/AllInOne/config/minio.env index ac5b876..848b4e7 100644 --- a/AllInOne/config/minio.env +++ b/AllInOne/config/minio.env @@ -18,4 +18,4 @@ MinioSubSettings__AdminConsole=http://minioSubmission:9001 MinioSubSettings__BucketName=testbucket MinioSubSettings__AWSRegion=us-east-1 -MinioSettings__BucketName=testbucket \ No newline at end of file +MinioSettings__BucketName=testbucket diff --git a/AllInOne/config/routes.env b/AllInOne/config/routes.env index 53492f5..3d8cf77 100644 --- a/AllInOne/config/routes.env +++ b/AllInOne/config/routes.env @@ -37,4 +37,4 @@ TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterToken URLSettingsFrontEnd__MinioUrl=localhost:9001 # Keycloak UI -KEYCLOAK_FRONTEND_URL: http://localhost:8085/auth \ No newline at end of file +KEYCLOAK_FRONTEND_URL=http://localhost:8085/auth \ No newline at end of file diff --git a/AllInOne/docker-compose.yml b/AllInOne/docker-compose.yml index 4db7bed..c1f47b9 100644 --- a/AllInOne/docker-compose.yml +++ b/AllInOne/docker-compose.yml @@ -17,13 +17,13 @@ services: - tre-api env_file: - config/internal.env + - config/routes.env - config/user.env environment: - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} tre-api: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-tre-api:${dareVer} container_name: treapi restart: always @@ -60,6 +60,7 @@ services: - Features__DemoAllInOne=${DemoMode} - Features__EphemeralCredentials=true - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Tre;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; + - TreKeyCloakSettings__ClientId=Dare-TRE-API - TreKeyCloakSettings__Proxy=${useproxy} - TreKeyCloakSettings__ProxyAddresURL=${proxyurl} - TreKeyCloakSettings__TokenExpiredAddress= @@ -78,7 +79,6 @@ services: ###################################################### DataEgressUI: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-egress-ui:${dareVer} container_name: DataEgressUI restart: always @@ -91,14 +91,14 @@ services: env_file: - config/internal.env - config/minio.env + - config/routes.env - config/user.env environment: - DataEgressKeyCloakSettings__Proxy=${useproxy} - DataEgressKeyCloakSettings__ProxyAddresURL=${proxyurl} - - MinioSettings__Url=${MinioTRESettings__AdminConsole} + - MinioSettings__Url=${MinioTRESettings__Url} DataEgressAPI: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-egress-api:${dareVer} container_name: DataEgressAPI restart: always @@ -134,7 +134,6 @@ services: ###################################################### submissionUI: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-main-ui:${dareVer} container_name: submissionUI restart: always @@ -151,6 +150,7 @@ services: - config/creds.env - config/internal.env - config/minio.env + - config/routes.env - config/user.env environment: - KeyCloakSettings__Proxy=false @@ -160,7 +160,6 @@ services: - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} submissionAPI: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-main-api:${dareVer} container_name: submissionAPI restart: always @@ -193,7 +192,6 @@ services: - config/user.env environment: - ConnectionStrings__DefaultConnection=Server=postgres;Port=5432;Database=DARE-Control;Include Error Detail=true;User Id=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};TrustServerCertificate=True; - - MinioSettings__Url=${MinioSubSettings__URL} - MinioSettings__AdminConsole=${MinioSubSettings__AdminConsole} - SubmissionKeyCloakSettings__Proxy=${useproxy} - SubmissionKeyCloakSettings__ProxyAddresURL=${proxyurl} @@ -203,7 +201,6 @@ services: # Credentials ##################################################### TRE-Camunda: - <<: *environment image: harbor.ukserp.ac.uk:443/dare-trefx/control-tre-camunda:${dareVer} container_name: TRE-Camunda restart: always @@ -238,7 +235,7 @@ services: - config/creds.env environment: KC_DB: postgres - KC_DB_URL: jdbc:postgresql://${POSTGRES_DB}/keycloak + KC_DB_URL: jdbc:postgresql://postgres/keycloak KC_DB_USERNAME: ${POSTGRES_USER} KC_DB_PASSWORD: ${POSTGRES_PASSWORD} KC_HOSTNAME: http://localhost:8085