Multi-image Discovery with PostgreSQL
Currently Corteza Discovery is tested on a running production servers in combination with PostgreSQL database, but should work with the latest MySQL versions.
Beside the |
If your Discovery is not working, try restarting the |
Configuration Files
docker-compose.yaml
version: '3.5'
services:
server:
image: cortezaproject/corteza:${VERSION}
env_file: [ .env ]
networks: [ proxy, internal ]
environment:
VIRTUAL_HOST: ${DOMAIN}
LETSENCRYPT_HOST: ${DOMAIN}
volumes:
- data:/data
restart: on-failure
db:
image: postgres:13
networks: [ internal ]
restart: on-failure
healthcheck: { test: ["CMD-SHELL", "pg_isready -U corteza"], interval: 10s, timeout: 5s, retries: 5 }
environment:
POSTGRES_USER: corteza
POSTGRES_PASSWORD: corteza
discovery:
image: cortezaproject/corteza-server-discovery:${VERSION}
env_file: [ .env ]
restart: always
depends_on:
- opensearch-node
- server
networks:
- proxy
- internal
environment:
VIRTUAL_HOST: ${DOMAIN_DISCOVERY}
LETSENCRYPT_HOST: ${DOMAIN_DISCOVERY}
ES_ADDRESS: "https://opensearch-node:9200"
ES_USERNAME: "admin"
ES_PASSWORD: "supersecurepassword75@!1A"
ES_SECURE: "false"
ES_INDEX_INTERVAL: 60
CORTEZA_SERVER_BASE_URL: "https://${DOMAIN}"
CORTEZA_SERVER_AUTH_URL: "https://${DOMAIN}/auth"
ports:
- "8888:80"
opensearch-node:
image: opensearchproject/opensearch:latest
networks:
- internal
ports:
- "9200:9200"
- "9600:9600"
environment:
- discovery.type=single-node
- plugins.security.ssl.http.enabled=true
- plugins.security.ssl.transport.enabled=true
- plugins.security.allow_default_init_securityindex=true
- plugins.security.disabled=false
- OPENSEARCH_INITIAL_ADMIN_PASSWORD=supersecurepassword75@!1A
volumes:
data:
networks:
internal:
proxy:
external: true
.env
########################################################################################################################
# General settings
DOMAIN=corteza.mydomain.org
VERSION=2024.9.3
DB_DSN=postgres://corteza:corteza@db:5432/corteza?sslmode=disable
########################################################################################################################
# Server settings
HTTP_WEBAPP_ENABLED=true
HTTP_WEBAPP_LIST="compose,admin,workflow,reporter,discovery"
AUTH_JWT_SECRET=supersecurejwtsecret
LOG_LEVEL=debug
########################################################################################################################
# Discovery settings
DISCOVERY_ENABLED="true"
DISCOVERY_BASE_URL="https://corteza-discovery.mydomain.org"
DISCOVERY_INDEXER_ENABLED=true
DISCOVERY_SEARCHER_ENABLED=true
DISCOVERY_SEARCHER_JWT_SECRET=supersecurejwtsecret
DOMAIN_DISCOVERY=corteza-discovery.mydomain.org
DISCOVERY_CORTEZA_DOMAIN=https://corteza.mydomain.org
DISCOVERY_INDEXER_PRIVATE_INDEX_CLIENT_KEY="111111111111111111"
DISCOVERY_INDEXER_PRIVATE_INDEX_CLIENT_SECRET="supersecretsupersecretsupersecret"
DISCOVERY_INDEXER_PROTECTED_INDEX_CLIENT_KEY="111111111111111111"
DISCOVERY_INDEXER_PROTECTED_INDEX_CLIENT_SECRET="supersecretsupersecretsupersecret"
DISCOVERY_INDEXER_PUBLIC_INDEX_CLIENT_KEY="111111111111111111"
DISCOVERY_INDEXER_PUBLIC_INDEX_CLIENT_SECRET="supersecretsupersecretsupersecret"
DISCOVERY_SEARCHER_CLIENT_KEY="111111111111111111"
DISCOVERY_SEARCHER_CLIENT_SECRET="supersecretsupersecretsupersecret"
Preparing Corteza
Corteza Discovery is a stand alone application, independent from the rest of the Corteza system. In order to make Discovery functional, you must grant access by creating an auth client along with a user and a role.
Access control defines what data the Discovery indexer has access to. |
Indexer Role
Firstly define a new role for the Discovery indexer to use. Open the Corteza Admin web application and navigate to
. Click on the New button, fill in the parameters and click on the Submit button.Indexer User
Next, define a new user that the Discovery indexer should identify as. In the Corteza Admin web application navigate to
. Click on the New button and fill in the parameters and click on the Submit button.After you save the user, assign them the role you’ve created earlier.
Indexer Auth Client
Lastly, define an auth client that the Discovery indexer should use to authenticate with Corteza.
Since authentication between two systems is being performed, you should to use the |
In the Corteza Admin web application navigate to client_credentials
grant type and check the allow client access to Corteza Discovery API on behalf of user
.
Select the previously created user in the impersonate user
input and click on the Submit button.
It is recommended you define a new auth client for a new external application instead of reusing existing ones. |