Add Docker Compose deployment to repo

2026-01-27 10:23:04 +00:00 · 2021-07-15 15:29:02 +02:00
parent ddb63e90eb
commit e4e7e69002
26 changed files with 752 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,8 @@
 *.swp
 chart/charts/*
 !chart/charts/.gitkeep
+/docker-compose/certs/
+/docker-compose/*-data/data/
+/docker-compose/*-data/uploads/
+/docker-compose/.env
+/docker-compose/.env_*
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
 In order to make this chart work you need to install [helm-git](https://github.com/aslafy-z/helm-git) plugin
+
+[Docker Compose deployment](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) 
--- a/docker-compose/.env
+++ b/docker-compose/.env
@@ -0,0 +1,9 @@
+COMPOSE_PROJECT_NAME=ucentral
+POSTGRES_TAG=latest
+MYSQL_TAG=latest
+UCENTRALGW_TAG=master
+UCENTRALGWUI_TAG=main
+UCENTRALSEC_TAG=main
+RTTYS_TAG=3.6.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
--- a/docker-compose/.env_kafka
+++ b/docker-compose/.env_kafka
@@ -0,0 +1,2 @@
+KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
+ALLOW_PLAINTEXT_LISTENER=yes
--- a/docker-compose/.env_mysql
+++ b/docker-compose/.env_mysql
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=root
+MYSQL_USER=rttys
+MYSQL_PASSWORD=rttys
+MYSQL_DATABASE=rttys
--- a/docker-compose/.env_postgresql
+++ b/docker-compose/.env_postgresql
@@ -0,0 +1,5 @@
+POSTGRES_PASSWORD=ucentralgw
+POSTGRES_USER=ucentralgw
+UCENTRALSEC_DB=ucentralsec
+UCENTRALSEC_DB_USER=ucentralsec
+UCENTRALSEC_DB_PASSWORD=ucentralsec
--- a/docker-compose/.env_ucentralgw
+++ b/docker-compose/.env_ucentralgw
@@ -0,0 +1,2 @@
+UCENTRALGW_ROOT=/ucentralgw-data
+UCENTRALGW_CONFIG=/ucentralgw-data
--- a/docker-compose/.env_ucentralgw-ui
+++ b/docker-compose/.env_ucentralgw-ui
@@ -0,0 +1,2 @@
+DEFAULT_UCENTRALSEC_URL=https://ucentral.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false
--- a/docker-compose/.env_ucentralsec
+++ b/docker-compose/.env_ucentralsec
@@ -0,0 +1,2 @@
+UCENTRALSEC_ROOT=/ucentralsec-data
+UCENTRALSEC_CONFIG=/ucentralsec-data
--- a/docker-compose/README.md
+++ b/docker-compose/README.md
@@ -0,0 +1,18 @@
+# Docker Compose
+With the provided Docker Compose file you can instantiate a complete deployment of the uCentral microservices and related components for local development purposes. To spin up a local development environment:
+1. Switch into the project directory with `cd docker-compose/`.
+2. This repository contains a gateway certificate signed by TIP and a self-signed certificate for the REST API and other components which are used by default in the Compose deployment. The certificates are valid for the `*.wlan.local` domain and the Docker Compose uCentral microservice configs use `ucentral.wlan.local` as a hostname, so make sure you add an entry in your hosts file (or in your local DNS solution) which points to `127.0.0.1`.
+3. If you have your own certificates and want to use the deployment for anything other than local development copy your certs into the `certs/` directory and reference them in the appropriate sections of the microservice configuration files. Make sure to also adapt the sections which reference the hostname. For more information on certificates please see the [certificates section](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw#certificates) of this README and/or [CERTIFICATES.md](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/CERTIFICATES.md).
+4. Docker Compose pulls the microservice images from the JFrog repository. If you want to change the image tag or some of the image versions which are used for the other services, have a look into the `.env` file. You'll also find service specific `.env` files in this directory. Edit them if you want to change database passwords (highly recommended!) or other configuration data. Don't forget to adapt your changes in the application configuration files.
+5. Open `docker-compose/ucentralgw-data/ucentral.properties` to change [authentication data](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw#default-username-and-password) for uCentralGW (again highly recommended!).
+6. Spin up the deployment with `docker-compose up -d`.
+7. Add the self-signed certificates to the system trust store of the containers with `./add-ca-cert.sh`.
+8. Navigate to the UI which listens to `127.0.0.1` or `ucentral.wlan.local` and login with your uCentralGW authentication data.
+9. To use the [curl test script](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/TEST_CURL.md) to talk to the API set the following environment variables:
+```
+export UCENTRALSEC="ucentral.wlan.local:16001"
+export FLAGS="-s --cacert $YOUR_WLAN-CLOUD-UCENTRAL-DEPLOY_LOCATION/certs/restapi-ca.pem"
+```
+The `--cacert` option is necessary since the REST API certificates are self-signed. Omit the option if you provide your own signed certificates.
+
+PS: The Docker Compose deployment creates five local volumes to persist mostly database data and data for Zookeeper and Kafka. If you want re-create the deployment and remove all persistent application and database data just delete the volumes with `docker volume rm $(docker volume ls -qf name=ucentral)` after you stopped the services with `docker-compose down`.
--- a/docker-compose/add-ca-cert.sh
+++ b/docker-compose/add-ca-cert.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -e
+
+SERVICES="ucentralgw.wlan.local ucentralsec.wlan.local"
+
+for i in $SERVICES; do
+    docker-compose exec -T -u root $i apk add ca-certificates
+    docker cp certs/restapi-ca.pem ucentral_$i\_1:/usr/local/share/ca-certificates/
+    docker-compose exec -T -u root $i update-ca-certificates
+done
--- a/docker-compose/certs/.gitignore
+++ b/docker-compose/certs/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!cas/
--- a/docker-compose/certs/cas/.gitignore
+++ b/docker-compose/certs/cas/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
--- a/docker-compose/certs/clientcas.pem
+++ b/docker-compose/certs/clientcas.pem
@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+5IOM7ItsRmen6u3qu+JXros54e4juQ==
+-----END CERTIFICATE-----
--- a/docker-compose/certs/issuer.pem
+++ b/docker-compose/certs/issuer.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
+qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
+yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
+4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
+ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
+UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
+YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
+98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
+BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
+AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
+cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
+ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
+KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
+IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
+XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
+IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
+DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
+EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
+-----END CERTIFICATE-----
--- a/docker-compose/certs/restapi-ca.pem
+++ b/docker-compose/certs/restapi-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcgCCQC7oc+4dT4WlTANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD
+QTEMMAoGA1UECgwDVElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwHhcNMjEwNzA3
+MDkyOTAxWhcNMzEwNzA1MDkyOTAxWjAyMQswCQYDVQQGEwJDQTEMMAoGA1UECgwD
+VElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD67KEKKHj1xyj0Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAj
+O1T1/PnqNMNP3CSgCpAZRn7Eom33HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9D
+j7PawapJ7XNqT4P4ZGEGOWlLGE9oUpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNn
+RXp6iPNPpynppNQFBwzsovyhu9tzk/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7
+WFNvkPi5zAjJ3oEXMp+Im2/SvSqzptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887r
+hgEPzqP6SNIOwy/B/AMOFQl6wPvXBwz9eNW1AgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBAA8Oa8jannqNRdqOuY460Pum1B61kGmf2OK2ZiMaddlxqL3ZBdXPqF02hwSd
+q6uxCVP5NgvqSm+pTHaDcODJiCBrMmGQqHT82LuoCyk1BMqH/PYm+kfazPhKF31x
+Me7E47DQzk4tMyV28HBCHH6UicQ05ryT1yBfmj8JmYNx9ezmJcanu0/eyI2Lv8Ar
+Y7mrgblfOUnsif2w/aUaOsoY1t6/ThgTBc3BTMtUXXAcMiPLu4mSdN6nCm75Qp5q
+4zl/SNPjLnmtpHhLDtr4swf6vZw0RG7ECCf6Av8lv8mJG6g53YM8jfe0EzLqbAFf
+iSuQbt5n6lMWVgv+FKwXjwAda+Q=
+-----END CERTIFICATE-----
--- a/docker-compose/certs/restapi-cert.pem
+++ b/docker-compose/certs/restapi-cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcgCCQC7oc+4dT4WlTANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD
+QTEMMAoGA1UECgwDVElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwHhcNMjEwNzA3
+MDkyOTAxWhcNMzEwNzA1MDkyOTAxWjAyMQswCQYDVQQGEwJDQTEMMAoGA1UECgwD
+VElQMRUwEwYDVQQDDAwqLndsYW4ubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD67KEKKHj1xyj0Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAj
+O1T1/PnqNMNP3CSgCpAZRn7Eom33HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9D
+j7PawapJ7XNqT4P4ZGEGOWlLGE9oUpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNn
+RXp6iPNPpynppNQFBwzsovyhu9tzk/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7
+WFNvkPi5zAjJ3oEXMp+Im2/SvSqzptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887r
+hgEPzqP6SNIOwy/B/AMOFQl6wPvXBwz9eNW1AgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBAA8Oa8jannqNRdqOuY460Pum1B61kGmf2OK2ZiMaddlxqL3ZBdXPqF02hwSd
+q6uxCVP5NgvqSm+pTHaDcODJiCBrMmGQqHT82LuoCyk1BMqH/PYm+kfazPhKF31x
+Me7E47DQzk4tMyV28HBCHH6UicQ05ryT1yBfmj8JmYNx9ezmJcanu0/eyI2Lv8Ar
+Y7mrgblfOUnsif2w/aUaOsoY1t6/ThgTBc3BTMtUXXAcMiPLu4mSdN6nCm75Qp5q
+4zl/SNPjLnmtpHhLDtr4swf6vZw0RG7ECCf6Av8lv8mJG6g53YM8jfe0EzLqbAFf
+iSuQbt5n6lMWVgv+FKwXjwAda+Q=
+-----END CERTIFICATE-----
--- a/docker-compose/certs/restapi-key.pem
+++ b/docker-compose/certs/restapi-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD67KEKKHj1xyj0
+Sc+/WSFeXluhp+76V/8njnGcTus8IsaHWeAjO1T1/PnqNMNP3CSgCpAZRn7Eom33
+HH89pC7iIE5t3aGrFzxZ6AxFgECUCkby1j9Dj7PawapJ7XNqT4P4ZGEGOWlLGE9o
+UpF2pr3B3jBwmV9t9d/Zp8na23K7rnsr5kNnRXp6iPNPpynppNQFBwzsovyhu9tz
+k/zz3gohSY9f6oyNNaKcZwN/yrG4B8FnRfa7WFNvkPi5zAjJ3oEXMp+Im2/SvSqz
+ptYwZhplb14ILZ5ClkSwAslG8FiOAzXr887rhgEPzqP6SNIOwy/B/AMOFQl6wPvX
+Bwz9eNW1AgMBAAECggEAZdJT3u1heEqjAc5Z8QnYEpUzlbuxrAC9V23kCEu2BScP
+bKk53NIcvd00BKf4gZWRfygKJVeH5X8MJHR55aeUJsp5SPfgvK6nHMye/iz3B5vM
+AoqSDXZow2JHGcyzQvaVVNxWytHNOl3ZCzpGMOGkquDgwzBZmyNk/Muri5X1TtbH
+DgeYdht2YiHqHdGWsLNU1vZAgzlwD8fXg65XOmNehjWnowhpNRCgpcDeJCtEuNzt
+6iXFWffjO6YTbVnoM5xhLROjLv6gYP4wxsQSZc/NGz9Jow7VxlYZg9wCE75bduFn
+7D5O4OgVgPgYbyCutpB/o4PMNURb4V/5p2OAEgLX2QKBgQD+kHYRAaawRbaY4jGf
+isj0oh2C/Z99Mqf/nnpPwmUwrhpmnQ+pRdWBw940tPrEpVoOcCPWQ5hO1zUET18d
+xQqs3zd6lEhJogmMqkjOT670YBEX/wyALd3M5F3HT/K2aixL1XaCCpAl97JB9RyB
+zGIr5c+mIOVK/uYrlFO28thXzwKBgQD8VumZIYZpWeE7pTyCg0PcDYlNATA/VKoD
+9YrGqEEHGgFNJEWj8Xj8aqBzaPoUk+eGp7NfSoOchVM+Bf3ktWy5doZCmNuxlOyq
+Ix5yrB2jyYceaSf2nxHqlD2VhKB/YJx0yTU1UkB5dG4nYnqiUg7c5JeQOVzwFKm1
+t6/Hk/cXOwKBgGT+yWjL3+cVcXFMZGWouTudSdobZ3hTbaWTqXEVbfIXUPAfJgSB
+aUi3feQpXUhBVe5efUlXvgihhy4zk0gLUcXuNWOTiu5ztBgzwvjfUkkwB/geP0Zn
+bBULEU2vIVtP2k0n3oGPUUtO71ENvwacIOLLpUuCx5WudYEasu/lfwGvAoGBAOiE
+manuF3HaTU3tu20z0YLiwkK/tpqUxDjzuBXIEmudzdcsdjNUHbzR79mIwO/XPf95
+ZjKHcfD3dbXwRXzKpE3dZmfVfJMM/GrmA3d9G67B04z1Lsr01siGIp004cOd3W1L
+vojMqvZ/j8Ug3InX/TQUO4i9IuNi1uLISOQpdwTjAoGAG33swIFnH/mz7ubu8wfE
+9nwe8NNf56kbFBG2FMuHvo8GYj0sqylwtZnh4TCwlTzqUO8e6oFdK8Ot6z7H9Fa3
+vnDD2WRwEFydRP5fbW5eFmGbzLfHlzUY+Do81qrUMF47LEN94X7yaXdb/vNW57lp
+K9hGF1Bdk8089Knm3l1Fc4w=
+-----END PRIVATE KEY-----
--- a/docker-compose/certs/root.pem
+++ b/docker-compose/certs/root.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+5IOM7ItsRmen6u3qu+JXros54e4juQ==
+-----END CERTIFICATE-----
--- a/docker-compose/certs/websocket-cert.pem
+++ b/docker-compose/certs/websocket-cert.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIUaKVB2xg9gr/sS6FvzMex0xSbEzswDQYJKoZIhvcNAQEL
+BQAwbDELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+dCwgSW5jLjEMMAoGA1UECxMDVElQMSkwJwYDVQQDEyBUZWxlY29tIEluZnJhIFBy
+b2plY3QgSXNzdWluZyBDQTAeFw0yMTA3MDgxMDQ5MTVaFw0yNTA3MDgxMDQ5MTVa
+MDIxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNUSVAxFTATBgNVBAMMDCoud2xhbi5s
+b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2rlMfV7/Si2Svx
+J1YOEz6KJLvey995/0MkQvAG0RM6TpFwgUNnpYFFozcWME8MGSxws+6hOzDoMmHC
+pgpP/KZ/Fyu9iUdzTxsJMyMxIW9sYbBMkQgBmvjkBlXDk5NfHh+yJBVxb7JlJ6vJ
+oT7EJMzgKpYpFnO+bddalUVsDp3qQIjSvJIxl77vwgZQUJx0qCm17VTBhyM2RTJ3
+jtr7kcWDm3jyyTVUvlM9g3DM9g0hUPMN0R5PP2HuqDdtYoY51krsm2mmVIYYnyAN
+BDawmwYnZJfcC4gFzZJ5wK5NFjSKmd1mYp0damlSh0/uHxPyd4rm2QhUCQH92yKM
+9qYU70CAwEAAaOCAVIwggFOMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFM0mIZuE
+6aly7ZKXl0KWjprcO9/uMB8GA1UdIwQYMBaAFLMbVLjgR6s98ziA5Dzl/QBhbdHo
+MA4GA1UdDwEB/wQEAwIFoDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATCBhgYIKwYB
+BQUHAQEEejB4MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5vbmUuZGlnaWNlcnQu
+Y29tMEwGCCsGAQUFBzAChkBodHRwOi8vY2FjZXJ0cy5vbmUuZGlnaWNlcnQuY29t
+L1RlbGVjb21JbmZyYVByb2plY3RJc3N1aW5nQ0EuY3J0ME0GA1UdHwRGMEQwQqBA
+oD6GPGh0dHA6Ly9jcmwub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQcm9q
+ZWN0SXNzdWluZ0NBLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAAyb7X9qW0z0QJrl2
+oAalMCh/gSJy5oER3L7iu/pnP3GREbr6bh6+1/MAf2bgnN2CUOKQHbozB7yCkM6V
+8m5RnL4ePKVP5yIrbs48uM5Hl14QFLU4ZtFao6js0haoWWEgMo3sfbeyfOU0ScyW
+ET5zfbDub3gUbWYmlz6hyV5aJoznaFjJTNP7SRQ9CHMTMHh3wAPfVlvG2TdcwwbM
+ZKkdAHpl1NwRxyiBPJfkejGWrY3ZAs10te7u9Lsc9yZZKL8SU9J/mrO9tM5HLeUr
+nCJN4RI7RyTuDw4LdMZW1Ju5QBXoZL9mj4KXIbUkDwryhbAxdQ1OnwD4O/avMChk
+TNJzIw==
+-----END CERTIFICATE-----
--- a/docker-compose/certs/websocket-key.pem
+++ b/docker-compose/certs/websocket-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9q5TH1e/0otkr
+8SdWDhM+iiS73svfef9DJELwBtETOk6RcIFDZ6WBRaM3FjBPDBkscLPuoTsw6DJh
+wqYKT/ymfxcrvYlHc08bCTMjMSFvbGGwTJEIAZr45AZVw5OTXx4fsiQVcW+yZSer
+yaE+xCTM4CqWKRZzvm3XWpVFbA6d6kCI0rySMZe+78IGUFCcdKgpte1UwYcjNkUy
+d47a+5HFg5t48sk1VL5TPYNwzPYNIVDzDdEeTz9h7qg3bWKGOdZK7JtpplSGGJ8g
+DQQ2sJsGJ2SX3AuIBc2SecCuTRY0ipndZmKdHWppUodP7h8T8neK5tkIVAkB/dsi
+jPvamFO9AgMBAAECggEBAJgYoaRmcJfShyhvp8WgX9pE2RQ2o3I/2Gy1BWCJdtte
+ZGbIuz+cO+IgP7QK/Q5Ge2Fht0hizp53dP9kIdYfMlEplSEkSpObahIaHIHaAh/h
+36yKmbq73tQ7tsDLpuoE2pk8Nydi4dlCuL9PXxiAHaqVEFF9/V0vldGd+BnFfyst
+retXgockCH+fqddM5Kp+H0bmjXzLke/b8T9KsdSBz7lg1Z67kmMrHLe14Q4Hgmr/
+pFBkGGWKTFn48OXfncrv+oQAGED7r9c5UEdpOB6SBDxuddfzgkw9urnpKrYC/KOs
+HLBTaGew73O81BsbaZlUiVxTdewrmFk2nG6UIPoGaxkCgYEA7IYOjIfNJOEPIWYP
+zj4eipTy6zFk4L7tX3wX4wsor93rz8ArlF8sgNoyUhbKm6H++ZfVezLs2jcjJJ8Q
+sXLwQ6L/D8aVb6AOVeC1WYJu5+wXIDX0H+1318a5+3bKVPn+hktJGEgCBvplVRnh
+yzpQ+2v1SBp9qEzoSl1sV6gm1tsCgYEAzUnZcjUhHvoXLXJ1lfagCC6QsmjqzpJv
+VdTKJlDuZ0qQGC6Ts+wKfM3MoiOsXW0pByC5lWwE43c/KU8J358j3OSSNafIFeD1
+cxtYzJlMgnw5Y2Zt9tj+QW/1BOMdOftnPSOnsk6rpdCBMW6a2tYubJjbAuge+a2O
+939XGnV0R0cCgYEA0bvmNtNNJAC2LAWWymnnJzgBWHFKZMipMNyXSethPuHo8yYS
+/tSOYAwcRxKSwwMZWDY9RavYv3/ZF+Y9JT0otLFav6B2bq9dRuWlqiOxONLvhs6R
+Faa7eIlt7gBeVpAAFRG5VWC0+38aUCZNRKsHmIsYy8FB3/Winh7NrcUb+7UCgYBi
+egCTZqUixPmFVZjOfWY7Rosm6mlo+pnp5I+sXbpfVkdVMlKsRpipUdfOF6rBjnHV
+937PDOgzbaqg2Ed2PFLpzcPNdVToGefkdcPdMdSf65Nj+WjatzEQlvJEi+YjQFQ/
+4fC5+j8g5apz2gjy3Teb5J96/3qMbxNb6nwQNzO2VQKBgHyHUJOrhvv9+vs7v8nu
+9DgV0b5eNO0g6Q4Ji7oqs24PssPQRA4gMtwmPT8Ha+wWGVzQt2U5LmjsLlrqAO6O
+Fa3c63sgmt672A8BJ3PL8LI8E2keZiH6rwADSUFp3TZoU2SHamw5NEruNRMIF1R
+0LMsuAs2KEdnwAth2ZmUF2+S
+-----END PRIVATE KEY-----
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -0,0 +1,104 @@
+version: '3'
+
+volumes:
+  postgresql_data:
+    driver: local
+  mysql_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+
+services:
+  postgresql:
+    image: "postgres:${POSTGRES_TAG}"
+    env_file:
+      - .env_postgresql
+    restart: unless-stopped
+    volumes:
+      - postgresql_data:/var/lib/postgresql/data
+      - ./init-ucentralsec-db.sh:/docker-entrypoint-initdb.d/init-ucentralsec-db.sh
+
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    env_file:
+      - .env_mysql
+    restart: unless-stopped
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    volumes:
+      - mysql_data:/var/lib/mysql
+
+  ucentralgw.wlan.local:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralgw:${UCENTRALGW_TAG}"
+    env_file:
+      - .env_ucentralgw
+    depends_on: 
+      - postgresql
+      - kafka
+      - rttys
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:15002:15002"
+      - "127.0.0.1:16002:16002"
+      - "127.0.0.1:16003:16003"
+      - "127.0.0.1:16102:16102"
+    volumes:
+      - ./ucentralgw-data:/ucentralgw-data
+      - ./certs:/ucentralgw-data/certs
+
+  ucentralgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralgw-ui:${UCENTRALGWUI_TAG}"
+    env_file:
+      - .env_ucentralgw-ui
+    depends_on:
+      - ucentralgw.wlan.local
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:80:80"
+
+  ucentralsec.wlan.local:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralsec:${UCENTRALSEC_TAG}"
+    env_file:
+      - .env_ucentralsec
+    depends_on: 
+      - postgresql
+      - kafka
+      - rttys
+      - ucentralgw.wlan.local
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:16001:16001"
+      - "127.0.0.1:16101:16101"
+    volumes:
+      - ./ucentralsec-data:/ucentralsec-data
+      - ./certs:/ucentralsec-data/certs
+
+  rttys:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+    depends_on: 
+      - mysql
+    restart: unless-stopped
+    volumes:
+      - ./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem
+      - ./certs/restapi-key.pem:/etc/rttys/restapi-key.pem
+      - ./rttys/rttys.conf:/rttys/rttys.conf
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    env_file:
+      - .env_kafka
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka
--- a/docker-compose/init-ucentralsec-db.sh
+++ b/docker-compose/init-ucentralsec-db.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+    CREATE USER $UCENTRALSEC_DB_USER WITH ENCRYPTED PASSWORD '$UCENTRALSEC_DB_PASSWORD';
+    CREATE DATABASE $UCENTRALSEC_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $UCENTRALSEC_DB TO $UCENTRALSEC_DB_USER;
+EOSQL
--- a/docker-compose/rttys/rttys.conf
+++ b/docker-compose/rttys/rttys.conf
@@ -0,0 +1,18 @@
+addr-dev: :5912
+addr-user: :5913
+#addr-web: :5914
+#web-redir-url:# Auth for http
+http-username: rttys
+http-password: rttys
+ssl-cert: /etc/rttys/restapi-cert.pem
+ssl-key: /etc/rttys/restapi-key.pem
+token: 96181c567b4d0d98c50f127230068fa8
+# font-size: 16
+# No login required to connect device.
+# Values can be device IDs separated by spaces,
+# or a "*" indicates that all devices do not require login
+# http://localhost:5913/connect/rtty1
+white-list: "*"
+#white-list: rtty1 rtty2
+# mysql database source
+db: rttys:rttys@tcp(mysql)/rttys
--- a/docker-compose/ucentralgw-data/ucentralgw.properties
+++ b/docker-compose/ucentralgw-data/ucentralgw.properties
@@ -0,0 +1,194 @@
+#
+# uCentral protocol server for devices. This is where you point
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
+#
+ucentral.websocket.host.0.backlog = 500
+ucentral.websocket.host.0.rootca = $UCENTRALGW_ROOT/certs/root.pem
+ucentral.websocket.host.0.issuer = $UCENTRALGW_ROOT/certs/issuer.pem
+ucentral.websocket.host.0.cert = $UCENTRALGW_ROOT/certs/websocket-cert.pem
+ucentral.websocket.host.0.key = $UCENTRALGW_ROOT/certs/websocket-key.pem
+ucentral.websocket.host.0.clientcas = $UCENTRALGW_ROOT/certs/clientcas.pem
+ucentral.websocket.host.0.cas = $UCENTRALGW_ROOT/certs/cas
+ucentral.websocket.host.0.address = *
+ucentral.websocket.host.0.port = 15002
+ucentral.websocket.host.0.security = strict
+ucentral.websocket.host.0.key.password = mypassword
+ucentral.websocket.maxreactors = 20
+
+#
+# REST API access
+#
+ucentral.restapi.host.0.backlog = 100
+ucentral.restapi.host.0.security = relaxed
+ucentral.restapi.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
+ucentral.restapi.host.0.address = *
+ucentral.restapi.host.0.port = 16002
+ucentral.restapi.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
+ucentral.restapi.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.restapi.host.0.key.password = mypassword
+
+ucentral.internal.restapi.host.0.backlog = 100
+ucentral.internal.restapi.host.0.security = relaxed
+ucentral.internal.restapi.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
+ucentral.internal.restapi.host.0.address = *
+ucentral.internal.restapi.host.0.port = 17002
+ucentral.internal.restapi.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
+ucentral.internal.restapi.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.internal.restapi.host.0.key.password = mypassword
+
+#
+# Used to upload files to the service.
+# You should replace the 'name' vaalue with the IP address of your gateway or an FQDN
+# that your devices can reach
+#
+ucentral.fileuploader.host.0.backlog = 100
+ucentral.fileuploader.host.0.rootca = $UCENTRALGW_ROOT/certs/restapi-ca.pem
+ucentral.fileuploader.host.0.security = relaxed
+ucentral.fileuploader.host.0.address = *
+ucentral.fileuploader.host.0.name = ucentral.wlan.local
+ucentral.fileuploader.host.0.port = 16003
+ucentral.fileuploader.host.0.cert = $UCENTRALGW_ROOT/certs/restapi-cert.pem
+ucentral.fileuploader.host.0.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.fileuploader.host.0.key.password = mypassword
+ucentral.fileuploader.path = $UCENTRALGW_ROOT/uploads
+ucentral.fileuploader.maxsize = 10000
+
+#
+# Generic section that all microservices must have
+#
+ucentral.service.key = $UCENTRALGW_ROOT/certs/restapi-key.pem
+ucentral.system.data = $UCENTRALGW_ROOT/data
+ucentral.system.debug = true
+#ucentral.system.uri.private = https://localhost:17002
+#ucentral.system.uri.public = https://local.dpaas.arilia.com:16002
+#ucentral.system.uri.ui = https://ucentral-ui.arilia.com
+ucentral.system.uri.private = https://ucentralgw.wlan.local:17002
+ucentral.system.uri.public = https://ucentral.wlan.local:16002
+ucentral.system.uri.ui = http://127.0.0.1
+ucentral.system.commandchannel = /tmp/app.ucentralgw
+
+#
+# Gateway Microservice Specific Section
+#
+ucentral.autoprovisioning = true
+ucentral.devicetypes.0 = AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi
+ucentral.devicetypes.1 = SWITCH:edgecore_ecs4100-12ph
+ucentral.devicetypes.2 = IOT:esp32
+oui.download.uri = https://linuxnet.ca/ieee/oui.txt
+firmware.autoupdate.policy.default = auto
+
+#
+# rtty
+#
+rtty.enabled = true
+rtty.server = rttys
+rtty.port = 5912
+rtty.token = 96181c567b4d0d98c50f127230068fa8
+rtty.timeout = 60
+rtty.viewport = 5913
+
+#############################
+# Generic information for all micro services
+#############################
+#
+# NLB Support
+#
+alb.enable = true
+alb.port = 16102
+
+#
+# Kafka
+#
+ucentral.kafka.group.id = gateway
+ucentral.kafka.client.id = gateway1
+ucentral.kafka.enable = true
+ucentral.kafka.brokerlist = kafka:9092
+# ucentral.kafka.brokerlist = debfarm1-node-c.arilia.com:9092
+ucentral.kafka.auto.commit = false
+ucentral.kafka.queue.buffering.max.ms = 50
+
+#
+# This section select which form of persistence you need
+# Only one selected at a time. If you select multiple, this service will die if a horrible
+# death and might make your beer flat.
+#
+#storage.type = sqlite
+storage.type = postgresql
+#storage.type = mysql
+#storage.type = odbc
+
+storage.type.sqlite.db = devices.db
+storage.type.sqlite.idletime = 120
+storage.type.sqlite.maxsessions = 128
+
+storage.type.postgresql.maxsessions = 64
+storage.type.postgresql.idletime = 60
+storage.type.postgresql.host = postgresql
+storage.type.postgresql.username = ucentralgw
+storage.type.postgresql.password = ucentralgw
+storage.type.postgresql.database = ucentralgw
+storage.type.postgresql.port = 5432
+storage.type.postgresql.connectiontimeout = 60
+
+storage.type.mysql.maxsessions = 64
+storage.type.mysql.idletime = 60
+storage.type.mysql.host = localhost
+storage.type.mysql.username = stephb
+storage.type.mysql.password = snoopy99
+storage.type.mysql.database = ucentral
+storage.type.mysql.port = 3306
+storage.type.mysql.connectiontimeout = 60
+
+archiver.enabled = true
+archiver.schedule = 03:00
+archiver.db.0.name = healthchecks
+archiver.db.0.keep = 7
+archiver.db.1.name = statistics
+archiver.db.1.keep = 7
+archiver.db.2.name = devicelogs
+archiver.db.2.keep = 7
+archiver.db.3.name = commandlist
+archiver.db.3.keep = 7
+
+########################################################################
+########################################################################
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.class = FileChannel
+logging.channels.c2.path = $UCENTRALGW_ROOT/logs/log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c2.rotation = 20 M
+logging.channels.c2.archive = timestamp
+logging.channels.c2.purgeCount = 20
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+
+# External Channel
+logging.loggers.root.channel = c1
+logging.loggers.root.level = debug
+
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+
--- a/docker-compose/ucentralsec-data/ucentralsec.properties
+++ b/docker-compose/ucentralsec-data/ucentralsec.properties
@@ -0,0 +1,145 @@
+#
+# uCentral protocol server for devices. This is where you point
+# all your devices. You can replace the * for address by the specific
+# address of one of your interfaces
+#
+
+#
+# REST API access
+#
+ucentral.restapi.host.0.backlog = 100
+ucentral.restapi.host.0.security = relaxed
+ucentral.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
+ucentral.restapi.host.0.address = *
+ucentral.restapi.host.0.port = 16001
+ucentral.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
+ucentral.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
+ucentral.restapi.host.0.key.password = mypassword
+ucentral.restapi.wwwassets = $UCENTRALSEC_ROOT/wwwassets
+
+ucentral.internal.restapi.host.0.backlog = 100
+ucentral.internal.restapi.host.0.security = relaxed
+ucentral.internal.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
+ucentral.internal.restapi.host.0.address = *
+ucentral.internal.restapi.host.0.port = 17001
+ucentral.internal.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
+ucentral.internal.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
+ucentral.internal.restapi.host.0.key.password = mypassword
+
+#
+# Generic section that all microservices must have
+#
+authentication.enabled = true
+authentication.default.username = tip@ucentral.com
+authentication.default.password = 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
+ucentral.system.data = $UCENTRALSEC_ROOT/data
+ucentral.system.uri.private = https://ucentralsec.wlan.local:17001
+ucentral.system.uri.public = https://ucentral.wlan.local:16001
+ucentral.system.uri.ui = http://127.0.0.1
+ucentral.system.commandchannel = /tmp/app.ucentralsec
+ucentral.service.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
+
+#
+# Security Microservice Specific Section
+#
+mailer.hostname = smtp.gmail.com
+mailer.username = no-reply@arilia.com
+mailer.password = pink-elephants-play-hockey
+mailer.loginmethod = login
+mailer.port = 587
+mailer.templates = $UCENTRALSEC_ROOT/templates
+
+
+#############################
+# Generic information for all micro services
+#############################
+#
+# NLB Support
+#
+alb.enable = true
+alb.port = 16101
+
+#
+# Kafka
+#
+ucentral.kafka.group.id = security
+ucentral.kafka.client.id = security1
+ucentral.kafka.enable = true
+# ucentral.kafka.brokerlist = a1.arilia.com:9092
+ucentral.kafka.brokerlist = kafka:9092
+ucentral.kafka.auto.commit = false
+ucentral.kafka.queue.buffering.max.ms = 50
+
+#
+# This section select which form of persistence you need
+# Only one selected at a time. If you select multiple, this service will die if a horrible
+# death and might make your beer flat.
+#
+#storage.type = sqlite
+storage.type = postgresql
+#storage.type = mysql
+#storage.type = odbc
+
+storage.type.sqlite.db = security.db
+storage.type.sqlite.idletime = 120
+storage.type.sqlite.maxsessions = 128
+
+storage.type.postgresql.maxsessions = 64
+storage.type.postgresql.idletime = 60
+storage.type.postgresql.host = postgresql
+storage.type.postgresql.username = ucentralsec
+storage.type.postgresql.password = ucentralsec
+storage.type.postgresql.database = ucentralsec
+storage.type.postgresql.port = 5432
+storage.type.postgresql.connectiontimeout = 60
+
+storage.type.mysql.maxsessions = 64
+storage.type.mysql.idletime = 60
+storage.type.mysql.host = localhost
+storage.type.mysql.username = stephb
+storage.type.mysql.password = snoopy99
+storage.type.mysql.database = ucentral
+storage.type.mysql.port = 3306
+storage.type.mysql.connectiontimeout = 60
+
+
+########################################################################
+########################################################################
+#
+# Logging: please leave as is for now.
+#
+########################################################################
+logging.formatters.f1.class = PatternFormatter
+logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.formatters.f1.times = UTC
+logging.channels.c1.class = ConsoleChannel
+logging.channels.c1.formatter = f1
+
+# This is where the logs will be written. This path MUST exist
+logging.channels.c2.class = FileChannel
+logging.channels.c2.path = $UCENTRALSEC_ROOT/logs/log
+logging.channels.c2.formatter.class = PatternFormatter
+logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
+logging.channels.c2.rotation = 20 M
+logging.channels.c2.archive = timestamp
+logging.channels.c2.purgeCount = 20
+logging.channels.c3.class = ConsoleChannel
+logging.channels.c3.pattern = %s: [%p] %t
+
+# External Channel
+logging.loggers.root.channel = c1
+logging.loggers.root.level = debug
+
+# Inline Channel with PatternFormatter
+# logging.loggers.l1.name = logger1
+# logging.loggers.l1.channel.class = ConsoleChannel
+# logging.loggers.l1.channel.pattern = %s: [%p] %t
+# logging.loggers.l1.level = information
+# SplitterChannel
+# logging.channels.splitter.class = SplitterChannel
+# logging.channels.splitter.channels = l1,l2
+# logging.loggers.l2.name = logger2
+# logging.loggers.l2.channel = splitter
+
+
+