postgREST : OK

2025-10-14 21:11:54 +02:00
parent aae433a168
commit 1311068103
13 changed files with 1854 additions and 47 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,9 +1,20 @@
 # PostgreSQL
 PG_PASSWORD=!ChangeMe!
 #pgAdmin
-ADMIN_EMAIL=user@email.org
+PGADMIN_EMAIL=user@email.org
-ADMIN_PASSWORD=!ChangeMe!
+PGADMIN_PASSWORD=!ChangeMe!
 # CouchDB
 COUCHDB_USER=admin
 COUCHDB_PASSWORD=!ChangeMe!
 # MongoDB
 MONGODB_USER=admin
 MONGODB_PASSWORD=!ChangeMe!
 # Redis
 REDIS_PASSWORD=!ChangeMe!
 # Neo4J
 NEO4J_PASSWORD=!ChangeMe!
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ Les solutions pour réaliser un reverse proxy sont généralement [Traefik](http
 **Caddy** se démarque par sa grande simplicité : il se configure presque entièrement à partir de labels Docker et gère automatiquement la création de certificat HTTPS, ce qui le rend idéal pour les environnements de développement ou les projets personnels.
-**Traefik**, de son côté, est plus complet et mieux adapté aux environnements de production complexes : il offre un tableau de bord intégré, une gestion fine du routage, et s’intègre parfaitement avec des orchestrateurs comme Docker Swarm ou Kubernetes.
+**Traefik**, de son côté, est plus complet et mieux adapté aux environnements de production complexes : il offre une gestion fine du routage, et s’intègre parfaitement avec des orchestrateurs comme Docker Swarm ou Kubernetes.
 **Nginx Proxy Manager** propose une approche visuelle grâce à son interface web d’administration. Il est apprécié des utilisateurs qui préfèrent tout configurer par le navigateur, mais il reste moins automatisé que Caddy et moins flexible que Traefik pour les infrastructures dynamiques.
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,10 +1,9 @@
 services:
 # ----------------------------------------------------------------------
-# Proxy
+# Proxy inverse
 #
 # ----------------------------------------------------------------------
 # Caddy
 # Web server, load balancer, and reverse proxy
 # https://caddyserver.com/
@@ -27,8 +26,8 @@ services:
    labels:
      caddy: "static.localhost"
      caddy.root: "* /srv/www"
-      caddy.file_server: ""
+      caddy.file_server: ""      # Active le serveur de fichiers statiques
-      caddy.tls: internal
+      caddy.tls: internal        # HTTPS auto-signé géré par Caddy
  whoami:
    image: traefik/whoami
@@ -45,7 +44,6 @@ services:
 # Base de données relationnelles
 #
 # ----------------------------------------------------------------------
  database:
    image: iut/pgsql:2025-12
    environment:
@@ -58,6 +56,8 @@ services:
      - ./data:/tmp:z
    ports:
      - "5432:5432"
    networks:
      - caddy_net
    healthcheck:
      test: ["CMD", "pg_isready", "--username", "${COMPOSE_PROJECT_NAME}", "--dbname", "${COMPOSE_PROJECT_NAME}"]
      interval: 10s
@@ -65,15 +65,20 @@ services:
      retries: 5
      start_period: 20s
 # ----------------------------------------------------------------------
 # Administration
 #
 # ----------------------------------------------------------------------
 # pgAdmin
 # Rich administration and development platform for PostgreSQL.
 # https://www.pgadmin.org/
  pgadmin:
    image: dpage/pgadmin4:9.8
    depends_on:
      database:
        condition: service_healthy
      caddy:
        condition: service_started
    restart: "no"
    configs:
      - source: pgadmin_config
@@ -95,7 +100,6 @@ services:
 # Documents
 #
 # ----------------------------------------------------------------------
 # CouchDB
 # Single-node document database
 # https://couchdb.apache.org/
@@ -103,11 +107,13 @@ services:
    image: couchdb:3.5
    volumes:
      - couchdb_data:/opt/couchdb/data
    ports:
      - "5984:5984"
    environment:
      COUCHDB_USER: ${COUCHDB_USER}
      COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
    labels:
      caddy: couchdb.localhost
      caddy.reverse_proxy: "{{upstreams 5984}}"
      caddy.tls: internal
 # MongoDB
 #
@@ -152,19 +158,23 @@ services:
  neo4j:
    image: neo4j:5.26.12-community
    ports:
      - 7474:7474
      - 7687:7687
    volumes:
      - neo4j_data:/data
      - neo4j_logs:/logs
    environment:
      NEO4J_dbms_connector_https_enabled: "false"
-      NEO4J_AUTH: neo4j/${DB_ROOT_PASSWORD:-!ChangeMe!}
+      NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-!ChangeMe!}
    networks:
      - caddy_net
    labels:
      caddy: neo4j.localhost
      caddy.reverse_proxy: "{{upstreams 7474}}"
      caddy.tls: internal
 # PostGraphile
 # Instant GraphQL API
 # https://www.graphile.org/postgraphile/
  postgraphile:
    image: iut/postgraphile:2025-12
    restart: "no"
@@ -182,25 +192,23 @@ services:
        "--append-plugins",
        "postgraphile-plugin-connection-filter,postgraphile-plugin-fulltext-filter,@graphile/postgis,postgraphile-plugin-connection-filter-postgis"
      ]
    ports:
      - 3006:5000
    networks:
      - caddy_net
    environment:
-      - PGHOST=${POSTGRAPHILE_HOST:-postgresql}
+      - PGHOST=${POSTGRAPHILE_HOST:-database}
      - PGPORT=${POSTGRAPHILE_DB_PORT:-5432}
      - PGUSER=${POSTGRAPHILE_DB_USER:-postgraphile}
-      - PGPASSWORD=${DB_PASSWORD:-!ChangeMe!}
+      - PGPASSWORD=${POSTGRAPHILE_PASSWORD:-9013}
      - PGDATABASE=${COMPOSE_PROJECT_NAME}
    labels:
      caddy: postgraphile.localhost
      caddy.reverse_proxy: "{{upstreams 5000}}"
      caddy.tls: internal
 # ----------------------------------------------------------------------
 # Web API
 #
 # ----------------------------------------------------------------------
 # PostgREST
 # Serve a fully RESTful API from any existing PostgreSQL database.
 # It provides a cleaner, more standards-compliant, faster API than you are likely to write from scratch.
@@ -211,11 +219,13 @@ services:
    depends_on:
      database:
        condition: service_healthy
      caddy:
        condition: service_started
    command: postgrest
    environment:
      PGRST_DB_URI: postgres://${POSTGREST_USER:-postgrest}:${POSTGREST_PASSWORD}@${POSTGREST_HOST:-database}:${POSTGREST_DB_PORT:-5432}/${COMPOSE_PROJECT_NAME}
      PGRST_DB_SCHEMAS: ${POSTGREST_DB_SCHEMAS:-public}
-      PGRST_DB_ANON_ROLE: ${POSTGREST_DB_ANON_ROLE:-role_web}
+      PGRST_DB_ANON_ROLE: ${POSTGREST_DB_ANON_ROLE:-anonyme}
      PGRST_JWT_SECRET: ${POSTGREST_JWT_SECRET:-ChangeMeChangeMeChangeMeChangeMe}
      PGRST_ADMIN_SERVER_PORT: 3055
      PGRST_SERVER_PORT: 80
@@ -236,7 +246,7 @@ services:
      API_REFERENCE_CONFIG: |
        {
          "sources":[
-            { "url": "https://postgrest/?format=json" }
+            { "url": "https://postgrest.localhost" }
          ],
          "theme": "purple"
        }
@@ -354,11 +364,11 @@ services:
      caddy: rabbitmq.localhost
      caddy.reverse_proxy: "{{upstreams 15672}}"
      caddy.tls: internal
 # ----------------------------------------------------------------------
 # Observabilité - Télémétrie
 #
 # ----------------------------------------------------------------------
 # Grafana
 # Open source analytics & monitoring solution for every database.
 # https://grafana.com/
@@ -370,8 +380,8 @@ services:
        limits:
          memory: 100M
    configs:
-      - source: grafana_datasources
+      - source: grafana_provisioning
-        target: /etc/grafana/provisioning/datasources
+        target: /etc/grafana/provisioning
      - source: grafana_dashboards
        target: /etc/grafana/dashboards
    volumes:
@@ -428,12 +438,12 @@ volumes:
 configs:
  pgadmin_config:
    file: ./pgadmin-servers.json
-  grafana_datasources:
+  grafana_provisioning:
-    file: ./grafana/provisionning/datasources
+    file: ./grafana/provisioning
  grafana_dashboards:
-    file: ./grafana/provisionning/dashboards
+    file: ./grafana/dashboards
  prometheus_config:
-    file: ./prometheus
+    file: ./prometheus.yml
 networks:
  caddy_net:
--- a/couchdb.http
+++ b/couchdb.http
@@ -0,0 +1,41 @@
@couchDB = http://{{$dotenv COUCHDB_USER}}:{{$dotenv COUCHDB_PASSWORD}}@couchdb.localhost
 GET {{couchDB}}/_all_dbs
 ### Creates a new database.
 PUT {{couchDB}}/db
 ### Creates a new document in the specified database, using the supplied JSON document structure.
 POST {{couchDB}}/db
 Accept: application/json
 Content-Type: application/json
 {
  "servings": 4,
  "subtitle": "Delicious with fresh bread",
  "title": "Fish Stew"
 }
 ###
 GET {{couchDB}}/db/_all_docs
 ###
 GET {{couchDB}}/db/74913d6d85b8af1d174baf3fe5000507
 ###
 POST {{couchDB}}/db/_find
 Accept: application/json
 Content-Type: application/json
 Content-Length: 168
 Host: localhost:5984
 {
    "selector": {
        "year": {"$gt": 2010}
    },
    "fields": ["_id", "_rev", "year", "title"],
    "sort": [{"year": "asc"}],
    "limit": 2,
    "skip": 0,
    "execution_stats": true
 }
--- a/data/index.html
+++ b/data/index.html
@@ -1,7 +1,7 @@
 <!doctype html>
-<html>
+<html lang="fr">
  <head>
-    <title>Scalar API Reference</title>
+    <title>Base de données</title>
    <meta charset="utf-8" />
    <meta
      name="viewport"
@@ -9,19 +9,13 @@
  </head>
  <body>
-    <div id="app"></div>
+    <h1>Base de données</h1>
-    <!-- Load the Script -->
+    <ul>
-    <script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>
+      <li><a href="//whoami.localhost">whoami</a></li>
-
+      <li><a href="//pgadmin.localhost">pgAdmin</a></li>
-    <!-- Initialize the Scalar API Reference -->
+      <li><a href="//postgraphile.localhost/graphiql">PostGraphile</a></li>
-    <script>
+      <li><a href="//scalar.localhost">Scalar</a></li>
-      Scalar.createApiReference('#app', {
+    </ul>
        // The URL of the OpenAPI/Swagger document
        url: 'https://registry.scalar.com/@scalar/apis/galaxy/latest?format=json',
        // Avoid CORS issues
        proxyUrl: 'https://proxy.scalar.com',
      })
    </script>
  </body>
 </html>
--- a/grafana/dashboards/docker.json
+++ b/grafana/dashboards/docker.json
@@ -0,0 +1,145 @@
 {
  "annotations": {
    "list": [
      {
        "builtIn": 1,
        "datasource": {
          "type": "grafana",
          "uid": "-- Grafana --"
        },
        "enable": true,
        "hide": true,
        "iconColor": "rgba(0, 211, 255, 1)",
        "name": "Annotations & Alerts",
        "type": "dashboard"
      }
    ]
  },
  "editable": true,
  "fiscalYearStartMonth": 0,
  "graphTooltip": 0,
  "id": 2,
  "links": [],
  "panels": [
    {
      "datasource": {
        "type": "prometheus",
        "uid": "PBFA97CFB590B2093"
      },
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "barAlignment": 0,
            "drawStyle": "line",
            "fillOpacity": 0,
            "gradientMode": "none",
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            },
            "insertNulls": false,
            "lineInterpolation": "linear",
            "lineWidth": 1,
            "pointSize": 5,
            "scaleDistribution": {
              "type": "linear"
            },
            "showPoints": "auto",
            "spanNulls": false,
            "stacking": {
              "group": "A",
              "mode": "none"
            },
            "thresholdsStyle": {
              "mode": "off"
            }
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          }
        },
        "overrides": []
      },
      "gridPos": {
        "h": 8,
        "w": 12,
        "x": 0,
        "y": 0
      },
      "id": 1,
      "options": {
        "legend": {
          "calcs": [],
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": true
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "PBFA97CFB590B2093"
          },
          "disableTextWrap": false,
          "editorMode": "builder",
          "expr": "rate(process_cpu_seconds_total[$__rate_interval])",
          "fullMetaSearch": false,
          "includeNullMetadata": false,
          "instant": false,
          "legendFormat": "__auto",
          "range": true,
          "refId": "A",
          "useBackend": false
        }
      ],
      "title": "Panel Title",
      "type": "timeseries"
    }
  ],
  "schemaVersion": 39,
  "tags": [],
  "templating": {
    "list": []
  },
  "time": {
    "from": "now-15m",
    "to": "now"
  },
  "timepicker": {
    "refresh_intervals": [
      "30s",
      "1m",
      "5m"
    ]
  },
  "timezone": "browser",
  "title": "Docker",
  "uid": "edt08ssgt6v40e",
  "version": 4,
  "weekStart": ""
 }
--- a/grafana/dashboards/docker_old.json
+++ b/grafana/dashboards/docker_old.json
--- a/grafana/provisioning/dashboards/providers.yml
+++ b/grafana/provisioning/dashboards/providers.yml
@@ -0,0 +1,11 @@
 apiVersion: 1
 providers:
  - name: dashboards
    type: file
    disableDeletion: false
    updateIntervalSeconds: 3600
    allowUiUpdates: false
    options:
      path: /etc/grafana/dashboards
      foldersFromFilesStructure: true
--- a/postgis/postgis.sql
+++ b/postgis/postgis.sql
@@ -1,3 +1,5 @@
 set SEARCH_PATH to postgis,public;
 create table point (
  id serial primary key,
  nom text not null,
--- a/postgresql-entrypoint-initdb.d/11_postgraphile.sql
+++ b/postgresql-entrypoint-initdb.d/11_postgraphile.sql
@@ -1 +1,2 @@
-create role postgraphile inherit login password 'motdepasse';
+create role postgraphile nosuperuser nocreatedb nocreaterole noinherit noreplication nobypassrls
  login password '9013';
--- a/postgresql-entrypoint-initdb.d/1_initdb.sql
+++ b/postgresql-entrypoint-initdb.d/1_initdb.sql
@@ -1,9 +1,12 @@
 show server_version;
 select * from pg_available_extensions;
 create schema postgis;
 create extension if not exists postgis schema postgis;
 create extension if not exists pgrouting schema postgis;
 create extension if not exists ltree;
 create extension if not exists pgtap;
 create extension if not exists postgis;
 create extension if not exists pgrouting;
 create extension if not exists pgcrypto;
 create table adherent (
--- a/postgrest.http
+++ b/postgrest.http
@@ -0,0 +1,4 @@
 GET https://postgrest.localhost
 ###
 GET https://postgrest.localhost/region
--- a/prometheus.yml
+++ b/prometheus.yml
@@ -0,0 +1,22 @@
 global:
  scrape_interval: 15s     # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  scrape_timeout: 10s      # scrape_timeout is set to the global default (10s).
 scrape_configs:
  - job_name: docker
    static_configs:
      - targets:
        - 'host.docker.internal:9323'
  - job_name: prometheus
    static_configs:
      - targets:
         - '127.0.0.1:9090'
  - job_name: minio
    metrics_path: /minio/v2/metrics/bucket
    scheme: http
    static_configs:
      - targets:
        - 'minio:9000'
`@@ -1 +1,2 @@`
	`create role postgraphile inherit login password 'motdepasse';`	`create role postgraphile nosuperuser nocreatedb nocreaterole noinherit noreplication nobypassrls`
		`login password '9013';`