remove lite

lite/config/controller.toml.sample

-[database]
-url = "postgres://ot:<MyPostgresPW>@postgres:5432/k3k"
-
-[http]
-port = 11311
-cors.allowed_origin = ["https://<MyOtDomain>"]
-
-[keycloak]
-base_url = "https://accounts.<MyOtDomain>/auth"
-realm = "opentalk"
-client_id = "OtBackend"
-client_secret = "<MyKcClientSecret>"
-
-[room_server]
-max_video_bitrate = "1600000"
-max_screen_bitrate = "8000000"
-
-[[room_server.connections]]
-to_routing_key = "to-janus"
-exchange = "janus-exchange"
-from_routing_key = "from-janus"
-
-[rabbit_mq]
-url = "amqp://rabbit/%2F"
-mail_task_queue = "opentalk_mailer"
-recording_task_queue = "opentalk_recorder"
-
-[redis]
-url = "redis://redis:6379/"
-
-[minio]
-uri = "http://minio:9000"
-bucket = "s3_bucket"
-access_key = "minioadmin"
-secret_key = "minioadmin"
-

lite/docker-compose.yaml

----
-version: "3.9"
-services:
-  # *** KEYCLOAK ***
-  keycloak:
-    image: quay.io/keycloak/keycloak:${KC_IMAGE_TAG:-22.0}
-    profiles: ["core", "keycloak", "controller"]
-    restart: always
-    environment:
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
-      KC_REALM_ID: ${KC_REALM_ID:-opentalk}
-      KC_REALM_NAME: ${KC_REALM_NAME:-opentalk}
-      KC_REALM_DISPLAYNAME: ${KC_REALM_DISPLAYNAME:-opentalk}
-      KC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
-      KC_DOMAIN: ${OT_DOMAIN:-opentalk.example.com}
-      KC_HOSTNAME: "accounts.${OT_DOMAIN:-opentalk.example.com}"
-      KC_HTTP_RELATIVE_PATH: ${KC_HTTP_RELATIVE_PATH:-/auth}
-      KC_PROXY: ${KC_PROXY:-edge}
-      KC_TESTUSER_ENABLE: ${KC_TESTUSER_ENABLE:-false}
-    entrypoint: []
-    command:
-      - /bin/sh
-      - -c
-      - |
-          /opt/keycloak/bin/kc.sh build --health-enabled=true
-          /opt/keycloak/bin/kc.sh start --import-realm --optimized
-    user: 0:0
-    volumes:
-      - ${KC_HOST_DATA_DIR:-./data/kc_data}:/opt/keycloak/data/:Z
-      - ${KC_HOST_POVIDER_DIR:-./data/kc_provider}:/opt/keycloak/providers:Z
-    ports:
-      - ${KC_EXP_PORT:-8087}:8080
-    healthcheck:
-      test: curl -fsS http://keycloak:8080/auth/health/ready -o - | grep UP
-      interval: 20s
-      timeout: 120s
-      retries: 10
- 
-  # *** POSTGRES ***
-  postgres:
-    image: postgres:${POSTGRES_IMAGE_TAG:-15-alpine}
-    profiles: ["core", "postgres", "controller"]
-    volumes:
-      - ${POSTGRES_HOST_DATA_DIR:-./data/pg_data}:/var/lib/postgresql/data
-    restart: always
-    # ports:
-    #  - ${POSTGRES_EXP_PORT:-5432}:5432
-    environment:
-      POSTGRES_DB: ${POSTGRES_DB:-k3k}
-      POSTGRES_USER: ${POSTGRES_USER:-ot}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- 
-  # *** AUTOHEAL ***
-  autoheal:
-    image: willfarrell/autoheal:${AUTOHEAL_IMAGE_TAG:-latest}
-    profiles: ["core", "keycloak", "postgres", "rabbit", "web-frontend", "controller", "janus"]
-    restart: always
-    environment:
-      AUTOHEAL_CONTAINER_LABEL: all
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-
-  # *** RabbitMQ ***
-  rabbit:
-    image: rabbitmq:${RABBITMQ_IMAGE_TAG:-3.13-management-alpine}
-    profiles: ["core", "rabbit", "controller", "obelisk", "mail-worker", "recorder"]
-    restart: always
-    ports:
-      - ${RABBITMQ_EXP_NODE_PORT:-5672}:5672
-    # - ${RABBITMQ_EXP_UI_PORT:-15672}:15672
-    environment:
-      RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: -rabbit consumer_timeout 30000
-    healthcheck:
-      test: rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
-      interval: 10s
-      timeout: 15s
-      retries: 5
- 
-  # *** Redis ***
-  redis:
-    image: redis:${REDIS_IMAGE_TAG:-7-alpine}
-    profiles: ["core", "redis", "controller"]
-    restart: always
-    # ports:
-    #  - ${REDIS_EXP_PORT:-6379}:${REDIS_EXP_PORT:-6379}
- 
-  # *** Web-Frontend
-  web-frontend:
-    image: ${OT_FRONTEND_IMAGE_SRC:-registry.opencode.de/opentalk/web-frontend}:${OT_FRONTEND_IMAGE_TAG:-v1.5.0}
-    profiles: ["core", "web-frontend"]
-    restart: always
-    ports:
-      - ${OT_FRONTEND_EXP_PORT:-8080}:80
-    environment:
-      CONTROLLER_HOST: controller.${OT_DOMAIN:-opentalk.example.com}
-      BASE_URL: https://${OT_DOMAIN:-opentalk.example.com}
-      OIDC_ISSUER: https://accounts.${OT_DOMAIN:-opentalk.example.com}/auth/realms/${KC_REALM_ID:-opentalk}
-      OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-OtFrontend}
-      NDT_SERVER: ${NDT_SERVER:-ndt.example.com}
-      CHANGE_PASSWORD_URL: https://accounts.${OT_DOMAIN:-opentalk.example.com}/auth/realms/${KC_REALM_ID:-opentalk}/account/
-      ERROR_REPORT_ADDRESS: ${ERROR_REPORT_ADDRESS:-reports@example.com}
-      LIBRAVATAR_DEFAULT_IMAGE: ${LIBRAVATAR_DEFAULT_IMAGE:-identicon}
-      VIDEO_BACKGROUNDS: >-
-        [{
-          altText: 'OpenTalk',
-          url: '/assets/videoBackgrounds/elevate-bg.png',
-          thumb: '/assets/videoBackgrounds/thumbs/elevate-bg-thumb.png',
-        }]
-      IS_BETA_RELEASE: ${IS_BETA_RELEASE:-false}
-      FEATURE_USER_SEARCH: ${FEATURE_USER_SEARCH:-false}
-      FEATURE_TIMER: ${FEATURE_TIMER:-true}
-      FEATURE_WHITEBOARD: ${FEATURE_WHITEBOARD:-false}
-      FEATURE_PROTOCOL: ${FEATURE_PROTOCOL:-false}
-      FEATURE_RECORDING: ${FEATURE_RECORDING:-false}
-
-  # *** controller ***
-  controller:
-    image: ${OT_CONTROLLER_IMAGE_SRC:-registry.opencode.de/opentalk/controller}:${OT_CONTROLLER_IMAGE_TAG:-v0.5.0}
-    profiles: ["core", "controller"]
-    restart: always
-    depends_on:
-      keycloak:
-        condition: service_healthy
-      rabbit:
-        condition: service_healthy
-      janus:
-        condition: service_healthy
-      minio:
-        condition: service_healthy
-    ports:
-      - ${OT_CONTROLLER_EXP_PORT:-8090}:11311
-    volumes:
-      - ${OT_CONTROLLER_CONFIG_FILE:-./config/controller.toml}:/controller/config.toml
-
-  # *** minio ***
-  minio:
-    image: minio/minio:${MINIO_IMAGE_TAG:-RELEASE.2023-07-21T21-12-44Z}
-    profiles: ["core", "minio", "controller"]
-    restart: always
-    command: minio server /data
-    volumes:
-      - ./data/minio:/data
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
-      interval: 30s
-      timeout: 20s
-      retries: 3
-    environment:
-      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
-      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin}
-
-  # *** janus gateway***
-  janus:
-    image: ${JANUS_IMAGE_SRC:-registry.opencode.de/opentalk/janus-gateway}:${JANUS_IMAGE_TAG:-v1.1.4}
-    profiles: ["core", "janus"]
-    restart: always
-    network_mode: host
-    depends_on:
-      - rabbit
-    command:
-      - janus
-    environment:
-      WAITTIMEOUT: ${JANUS_WAITTIMEOUT:-30}
-      RABBITMQ_HOST: ${RABBITMQ_HOST:-rabbit}
-      RABBITMQ_PORT: ${RABBITMQ_EXP_NODE_PORT:-5672}
-      JANUS_DISABLE_WEBSOCKET: ${JANUS_DISABLE_WEBSOCKET:-true}
-      JANUS_DISABLE_HTTP: ${JANUS_DISABLE_HTTP:-true}
-      JANUS_EXCHANGE: ${JANUS_EXCHANGE:-janus-exchange}
-      JANUS_QUEUE_NAME: ${JANUS_QUEUE_NAME:-janus-gateway}
-      JANUS_EXCHANGE_TYPE: ${JANUS_EXCHANGE_TYPE:-topic}
-      JANUS_QUEUE_INCOMING: ${JANUS_QUEUE_INCOMING:-to-janus}
-      JANUS_ROUTING_KEY_OUTGOING: ${JANUS_ROUTING_KEY_OUTGOING:-from-janus}
-      JANUS_ICE_IF: ${JANUS_ICE_IF:-eth0}
-      JANUS_UDP_PORT_RANGE: ${JANUS_UDP_PORT_RANGE:-20000-25000}
-      JANUS_ICE_LITE: ${JANUS_ICE_LITE:-true}
-      JANUS_EVENT_LOOPS: ${JANUS_EVENT_LOOPS:-8}
-      JANUS_IGNORE_MDNS: ${JANUS_IGNORE_MDNS:-true}
-
-  # *** obelisk ***
-  obelisk:
-    image: ${OT_OBELISK_IMAGE_SRC:-registry.opencode.de/opentalk/obelisk}:${OT_OBELISK_IMAGE_TAG:-v0.3.0}
-    profiles: ["obelisk"]
-    network_mode: host
-    restart: always
-    depends_on:
-      rabbit:
-        condition: service_healthy
-      janus:
-        condition: service_healthy
-    environment:
-      RUST_LOG: ${RUST_LOG:-info}
-      GST_DEBUG: ${GST_DEBUG:-2}
-      CONTROLLER_DOMAIN: ${CONTROLLER_DOMAIN:-controller.$OT_DOMAIN}
-      SIP_ADDR: "${SIP_ADDR:-0.0.0.0}"
-      SIP_PORT: "${SIP_PORT:-5060}"
-      SIP_USER: "${SIP_USER:-mysipuser}"
-      SIP_PASSWORD: "${SIP_PASSWORD:-mysippw}"
-      SIP_REALM: "${SIP_REALM:-SIP_REALM}"
-      SIP_REGISTRAR: "${SIP_REGISTRAR:-sip:yoursipprovider.com}"
-      SIP_STUN_SERVER: "${SIP_STUN_SERVER:-stun.yoursipprovider.com:3478}"
-      SIP_ENFORCE_QOP: "${SIP_ENFORCE_QOP:-true}"
-      SIP_RTP_PORT_RANGE_START: "${SIP_RTP_PORT_RANGE_START:-40000}"
-      SIP_RTP_PORT_RANGE_END: "${SIP_RTP_PORT_RANGE_END:-49999}"
-
-  # *** mail worker ***
-  mail-worker:
-    image: ${OT_MAIL_WORKER_IMAGE_SRC:-registry.opencode.de/opentalk/smtp-mailer}:${OT_MAIL_WORKER_IMAGE_TAG:-v0.3.0}
-    profiles: ["mail-worker"]
-    restart: always
-    depends_on:
-      rabbit:
-        condition: service_healthy
-    #volumes:
-    #  - ${OT_MAIL_WORKER_CONFIG_FILE:-./config/mail-worker.toml}:/opt/smtp-mailer/config.toml
-    environment:
-      RUST_LOG: ${RUST_LOG:-info}
-      MAILER_SMTP__SERVER: "${SMTP_SERVER:-}"
-      MAILER_FRONTEND__BASE_URL: "https://$OT_DOMAIN"
-      MAILER_LANGUAGES__DEFAULT_LANGUAGE: "${LANGUAGES_DEFAULT_LANGUAGE:-de-DE}"
-      MAILER_RABBITMQ__MAIL_TASK_QUEUE: "${RABBITMQ_MAIL_TASK_QUEUE:-opentalk_mailer}"
-      MAILER_RABBITMQ__URL: "${RABBITMQ_URL:-amqp://rabbit/%2F}"
-
-  # *** spacedeck ***
-  spacedeck:
-    image: ${SD_IMAGE_SRC:-registry.opencode.de/opentalk/spacedeck}:${SD_IMAGE_TAG:-latest}
-    profiles: ["spacedeck"]
-    restart: always
-    environment:
-      SD_HOST: ${SD_HOST:-0.0.0.0}
-      SD_PORT: ${SD_PORT:-9666}
-      SD_ENDPOINT: ${SD_ENDPOINT:-}
-      SD_API_TOKEN: ${SD_API_TOKEN:-}
-      SD_INVITE_CODE: ${SD_INVITE_CODE:-}
-    ports:
-      - "${SD_EXP_PORT:-9666}:${SD_PORT:-9666}"
-
-  # *** etherpad ***
-  etherpad:
-    image: ${EP_IMAGE_SRC:-registry.opencode.de/opentalk/etherpad}:${EP_IMAGE_TAG:-latest}
-    profiles: ["etherpad"]
-    restart: always
-    environment:
-      EP_APIKEY: ${EP_APIKEY:-}
-      TRUST_PROXY: ${TRUST_PROXY:-true}
-    ports:
-      - "${EP_EXP_PORT:-9001}:${EP_PORT:-9001}"
-

lite/env.sample

-###---> Common variables
-# Domain name on wich you want to access the frontend
-OT_DOMAIN="example.com"
-POSTGRES_PASSWORD="<mydbpassword>"
-KEYCLOAK_ADMIN_PASSWORD="<mykeycloakadminpassword>"
-KC_CLIENT_SECRET="<mykeycloakclientsecret>"
-# If janus is running in "docker host mode" it needs a local host interface for rabbitmq to connect.
-# !!! DO NOT USE YOUR PUBLIC IP ADRESS !!!
-RABBITMQ_HOST="10.20.30.40"
-###<---
-
-COMPOSE_PROJECT_NAME="opentalk"
-COMPOSE_PROFILES="core"
-
-### Keycloak
-# KC_REALM_NAME="opentalk"
-# KC_REALM_ID="$KC_REALM_NAME"
-# KC_DOMAIN="$OT_DOMAIN"
-# KC_HOSTNAME="accounts.$OT_DOMAIN"
-# KC_REALM_DISPLAYNAME="$OT_DOMAIN"
-# KC_EXP_PORT=8087
-# KEYCLOAK_ADMIN="admin"
-# KC_HOST_DATA_DIR="./data/kc_data"
-# KC_HOST_POVIDER_DIR="./data/kc_provider"
-# KC_IMAGE_TAG="20.0.0"
-# KC_SPI_TRUSTSTORE_FILE_FILE="/opt/keycloak/cacerts"
-# KC_SPI_TRUSTSTORE_FILE_PASSWORD="changeit"
-# KC_HTTP_RELATIVE_PATH="/auth"
-# KC_PROXY="edge"
-
-### PostgreSQL 
-# POSTGRES_DB="k3k"
-# POSTGRES_USER="ot"
-# POSTGRES_IMAGE_TAG=13-alpine
-# POSTGRES_HOST_DATA_DIR="./data/pg_data"
-# POSTGRES_EXP_PORT="5432"
-
-### autoheal
-# AUTOHEAL_IMAGE_TAG="latest"
-
-### RabbitMQ
-# RABBITMQ_IMAGE_TAG=3.10-management-alpine
-# RABBITMQ_EXP_NODE_PORT="5672"
-# RABBITMQ_EXP_UI_PORT="15672"
-
-### Redis
-# REDIS_IMAGE_TAG="alpine"
-# REDIS_EXP_PORT="6379"
-
-### OpenTalk WEB frontend
-# OT_FRONTEND_IMAGE_SRC=git.opentalk.dev:5050/opentalk/k3k-web-frontend
-# OT_FRONTEND_IMAGE_TAG="v1"
-# OT_FRONTEND_EXP_PORT="8080"
-# OIDC_CLIENT_ID="OtFrontend"
-# NDT_SERVER="ndt.example.com"
-# ERROR_REPORT_ADDRESS="reports@example.com"
-# LIBRAVATAR_DEFAULT_IMAGE="identicon"
-# IS_BETA_RELEASE="false"
-# FEATURE_USER_SEARCH="false"
-# FEATURE_TIMER="true"
-
-### Controller
-# OT_CONTROLLER_IMAGE_SRC=git.opentalk.dev:5050/opentalk/controller-enterprise
-# OT_CONTROLLER_IMAGE_TAG="v0.1"
-# OT_CONTROLLER_EXP_PORT="8090"
-# OT_CONTROLLER_CONFIG_FILE="./config/controller.toml"
-# KC_CLIENT_ID="OtBackend"
-
-### minio
-# MINIO_ROOT_USER=minioadmin
-# MINIO_ROOT_PASSWORD=minioadmin
-
-### Janus
-# JANUS_IMAGE_SRC="git.opentalk.dev:5050/opentalk/ot-janus-gateway"
-# JANUS_IMAGE_TAG="latest"
-# JANUS_WAITTIMEOUT="30"
-# JANUS_DISABLE_WEBSOCKET="true"
-# JANUS_DISABLE_HTTP="true"
-# JANUS_EXCHANGE="janus-exchange"
-# JANUS_QUEUE_NAME="janus-gateway"
-# JANUS_EXCHANGE_TYPE="topic"
-# JANUS_QUEUE_INCOMING="to-janus"
-# JANUS_ROUTING_KEY_OUTGOING="from-janus"
-# JANUS_ICE_IF="eth0"
-# JANUS_UDP_PORT_RANGE="20000-25000"
-# JANUS_ICE_LITE="true"
-# JANUS_EVENT_LOOPS="32"
-# JANUS_IGNORE_MDNS="true"
-
-### Obelisk
-# OT_OBELISK_IMAGE_SRC=git.heinlein-video.de:5050/heinlein-video/k3k-obelisk
-# OT_OBELISK_IMAGE_TAG=latest
-# OT_OBELISK_CONFIG_FILE="./config/obelisk.toml"
-# RUST_LOG: info
-# GST_DEBUG: 2
-# CONTROLLER_DOMAIN="controller.$OT_DOMAIN"
-# SIP_ADDR="0.0.0.0"
-# SIP_PORT="5060"
-# SIP_USER="mysipuser"
-# SIP_PASSWORD="mysippw"
-# SIP_REALM="SIP_REALM"
-# SIP_REGISTRAR="sip:yoursipprovider.com"
-# SIP_STUN_SERVER="stun.yoursipprovider.com:3478"
-# SIP_ENFORCE_QOP="true"
-# SIP_RTP_PORT_RANGE_START="40000"
-# SIP_RTP_PORT_RANGE_END="49999"
-
-### mail-worker
-# OT_MAIL_WORKER_IMAGE_SRC=git.opentalk.dev:5050/opentalk/smtp-mailer
-# OT_MAIL_WORKER_IMAGE_TAG=latest
-# OT_MAIL_WORKER_CONFIG_FILE="./config/mail-worker.toml"
-# RUST_LOG="" ${RUST_LOG:-info}
-# SMTP_SERVER=""
-# FRONTEND_BASE_URL="https://$OT_DOMAIN"
-# LANGUAGES_DEFAULT_LANGUAGE="de-DE"
-# RABBITMQ_MAIL_TASK_QUEUE="opentalk_mailer"
-# RABBITMQ_URL="amqp://rabbit/%2F}"
-
-### spacedeck
-# SD_IMAGE_SRC=git.opentalk.dev:5050/opentalk/ot-spacedeck
-# SD_IMAGE_TAG=latest
-# SD_HOST=0.0.0.0
-# SD_PORT=9666
-# SD_EXP_PORT=9666
-# SD_ENDPOINT=
-# SD_API_TOKEN=
-# SD_INVITE_CODE=
-
-### etherpad
-# EP_IMAGE_SRC=git.opentalk.dev:5050/opentalk/backend/ot-etherpad
-# EP_IMAGE_TAG=latest
-# EP_APIKEY=
-# TRUST_PROXY=true
-# EP_PORT=9001
-# EP_EXP_PORT=9001
\ No newline at end of file

lite/extras/gen-common-params.sh

-#!/bin/bash
-
-# a simple shell script, to quickly generate commonly used config options
-
-if type "pwgen" > /dev/null; then
-  echo "###---> Common variables"
-  # print hostname
-  echo "# Domain name on wich you want to access the frontend"
-  echo "OT_DOMAIN=$(hostnamectl hostname)"
-  # gen secrets for postgresm keycloak admin and keycloak client
-  echo -e "\nPOSTGRES_PASSWORD=$(pwgen 24)\nKEYCLOAK_ADMIN_PASSWORD=$(pwgen 24)\nKC_CLIENT_SECRET=$(pwgen 24) \n"
-  # print ip adresses to use for rabbitmq connection
-  echo "# If janus is running in docker host mode it needs a local host interface for rabbitmq to connect."
-  echo "# Use only a SINGLE line/interface and uncomment it."
-  echo "# !!! DO NOT CHOOSE YOUR PUBLIC IP ADDRESS!!!"
-  for IP in $(ip -o -4 addr show | awk '{ split($4, ip_addr, "/"); print ip_addr[1] }'| grep -v '127.0.0.1'); do
-     echo "# RABBITMQ_HOST=${IP}"
-  done
-  echo "###<---"
-else
-  echo "the utility 'pwgen' needs to be installed."
-  exit 1  
-fi
\ No newline at end of file

lite/extras/nginx-samples/controller.conf.sample

-upstream controller {
-    server localhost:8090;
-}
-
-map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-}
-
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  controller.example.com;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  controller.example.com;
-
-    ssl_certificate         /etc/ssl/letsencrypt/crt/fullchain_controller.example.com.crt;
-    ssl_certificate_key     /etc/ssl/letsencrypt/key/controller.example.com.key;
-    ssl_trusted_certificate /etc/ssl/letsencrypt/crt/controller.example.com-intermediate.crt;
-
-    root controller.example.com;
-
-    include /etc/nginx/snippets/sslsettings.conf;
-
-    access_log  /var/log/nginx/https-access_controller.example.com.log;
-    error_log  /var/log/nginx/https-error_controller.example.com.log;
-
-    client_max_body_size 1G;
-
-    location / {
-        proxy_set_header X-Forwarded-For    $remote_addr;
-        proxy_set_header Upgrade            $http_upgrade;
-        proxy_set_header Connection         $connection_upgrade;
-        proxy_buffers                       8 8k;
-        proxy_buffer_size                   8k;
-
-        proxy_pass                          http://controller;
-    }
-}

lite/extras/nginx-samples/frontend.conf.sample

-upstream web-frontend {
-    server localhost:8080;
-}
-
-map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-}
-
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  example.com;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  example.com;
-
-    ssl_certificate         /etc/ssl/letsencrypt/crt/fullchain_example.com.crt;
-    ssl_certificate_key     /etc/ssl/letsencrypt/key/example.com.key;
-    ssl_trusted_certificate /etc/ssl/letsencrypt/crt/example.com-intermediate.crt;
-
-    root example.com;
-
-    include /etc/nginx/snippets/sslsettings.conf;
-
-    access_log  /var/log/nginx/https-access_example.com.log;
-    error_log  /var/log/nginx/https-error_example.com.log;
-
-
-    location / {
-        proxy_set_header X-Forwarded-For    $remote_addr;
-        proxy_set_header Upgrade            $http_upgrade;
-        proxy_set_header Connection         $connection_upgrade;
-        proxy_buffers                       8 8k;
-        proxy_buffer_size                   8k;
-
-        proxy_pass                          http://web-frontend;
-    }
-}
-

lite/extras/nginx-samples/keycloak.conf.sample

-upstream keycloak {
-    server localhost:8087;
-}
-
-map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-}
-
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  accounts.example.com;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  accounts.example.com;
-
-    ssl_certificate         /etc/ssl/letsencrypt/crt/fullchain_accounts.example.com.crt;
-    ssl_certificate_key     /etc/ssl/letsencrypt/key/accounts.example.com.key;
-    ssl_trusted_certificate /etc/ssl/letsencrypt/crt/accounts.example.com-intermediate.crt;
-
-    root accounts.example.com;
-
-    include /etc/nginx/snippets/sslsettings.conf;
-
-    access_log  /var/log/nginx/https-access_accounts.example.com.log;
-    error_log  /var/log/nginx/https-error_accounts.example.com.log;
-
-
-    location / {
-        proxy_set_header Host               $host;
-        proxy_set_header X-Real-IP          $remote_addr;
-        proxy_set_header X-Forwarded-Proto  $scheme;
-        proxy_set_header X-Forwarded-For    $remote_addr;
-        proxy_set_header Upgrade            $http_upgrade;
-        proxy_set_header Connection         $connection_upgrade;
-        proxy_buffers                       8 8k;
-        proxy_buffer_size                   8k;
-
-        proxy_pass                          http://keycloak;
-    }
-}
-

lite/extras/nginx-samples/snippets/letsencrypt.conf.sample

-location /.well-known/acme-challenge {
-    root /var/lib/letsencrypt;
-    default_type "text/plain";
-    try_files $uri =404;
-}
-

lite/extras/nginx-samples/snippets/sslsettings.conf.sample

-ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_prefer_server_ciphers off;
-
-
-ssl_session_timeout 1d;
-ssl_session_cache shared:SSL:50m;
-ssl_session_tickets off;
-
-ssl_stapling on;
-ssl_stapling_verify on;
-
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-