npm - freeschema - Versions diffs - 1.0.0 - Mend

freeschema 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/bin/freeschema.js +207 -0
package/package.json +18 -0
package/templates/.env.example +123 -0
package/templates/.env.frontend.example +22 -0
package/templates/docker-compose.yml +279 -0
package/templates/mosquitto/config/mosquitto.conf +11 -0
package/templates/my_custom.cnf +54 -0
package/templates/nginx/nginx.conf.template +330 -0
package/templates/nginx/vccs-app.conf +21 -0
package/templates/nginx/wico-app.conf +21 -0

package/bin/freeschema.js ADDED Viewed

@@ -0,0 +1,207 @@
+#!/usr/bin/env node
+'use strict';
+const { spawnSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const VERSION = require('../package.json').version;
+const TEMPLATES_DIR = path.join(__dirname, '..', 'templates');
+const args = process.argv.slice(2);
+const command = args[0];
+// ── helpers ──────────────────────────────────────────────────────────────────
+function die(msg) {
+  console.error(`\nError: ${msg}\n`);
+  process.exit(1);
+}
+function copyRecursive(src, dest) {
+  if (fs.statSync(src).isDirectory()) {
+    if (!fs.existsSync(dest)) fs.mkdirSync(dest, { recursive: true });
+    for (const entry of fs.readdirSync(src)) {
+      copyRecursive(path.join(src, entry), path.join(dest, entry));
+    }
+  } else {
+    fs.copyFileSync(src, dest);
+  }
+}
+function runCompose(composeArgs) {
+  const cwd = process.cwd();
+  if (!fs.existsSync(path.join(cwd, 'docker-compose.yml'))) {
+    die('No docker-compose.yml found in the current directory.\nRun `freeschema init` first.');
+  }
+  const result = spawnSync('docker', ['compose', ...composeArgs], {
+    stdio: 'inherit',
+    cwd,
+  });
+  if (result.error) die(`Could not run docker: ${result.error.message}`);
+  if (result.status !== 0) process.exit(result.status);
+}
+// ── commands ──────────────────────────────────────────────────────────────────
+function cmdInit() {
+  const target = process.cwd();
+  console.log(`Initializing FreeSchema in ${target}\n`);
+  for (const entry of fs.readdirSync(TEMPLATES_DIR)) {
+    const src  = path.join(TEMPLATES_DIR, entry);
+    const dest = path.join(target, entry);
+    if (fs.existsSync(dest)) {
+      console.log(`  skip  ${entry}  (already exists)`);
+      continue;
+    }
+    copyRecursive(src, dest);
+    console.log(`  create ${entry}`);
+  }
+  // .env from example if not present
+  const envFile    = path.join(target, '.env');
+  const envExample = path.join(target, '.env.example');
+  if (!fs.existsSync(envFile) && fs.existsSync(envExample)) {
+    fs.copyFileSync(envExample, envFile);
+    console.log('  create .env  (copied from .env.example)');
+  }
+  // .env.frontend from example if not present
+  const envFrontend        = path.join(target, '.env.frontend');
+  const envFrontendExample = path.join(target, '.env.frontend.example');
+  if (!fs.existsSync(envFrontend) && fs.existsSync(envFrontendExample)) {
+    fs.copyFileSync(envFrontendExample, envFrontend);
+    console.log('  create .env.frontend  (copied from .env.frontend.example)');
+  }
+  console.log(`
+Done! Next steps:
+  1. Edit .env with your database, MQTT, SMTP, and JWT settings
+  2. (Optional) Add SQL seed files to seed-db/
+  3. Run one of:
+       freeschema start                        # external DB + MQTT
+       freeschema start --local-db             # spin up local MySQL
+       freeschema start --local-db --local-mqtt  # spin up MySQL + MQTT broker
+`);
+}
+function cmdStart() {
+  const profiles = [];
+  const flags    = args.slice(1);
+  if (flags.includes('--local-db')   || flags.includes('--db'))   profiles.push('--profile', 'local-db');
+  if (flags.includes('--local-mqtt') || flags.includes('--mqtt')) profiles.push('--profile', 'local-mqtt');
+  console.log('Pulling latest FreeSchema images…');
+  runCompose([...profiles, 'pull']);
+  console.log('\nStarting FreeSchema services…');
+  runCompose([...profiles, 'up', '-d']);
+  console.log('\nFreeSchema is running.');
+  console.log('  Logs:   freeschema logs');
+  console.log('  Status: freeschema status');
+  console.log('  Stop:   freeschema stop');
+}
+function cmdStop() {
+  console.log('Stopping FreeSchema services…');
+  runCompose(['down']);
+}
+function cmdRestart() {
+  const service = args[1];
+  service ? runCompose(['restart', service]) : runCompose(['restart']);
+}
+function cmdStatus() {
+  runCompose(['ps']);
+}
+function cmdLogs() {
+  const service    = args[1];
+  const follow     = !args.includes('--no-follow');
+  const logArgs    = ['logs'];
+  if (follow) logArgs.push('--follow');
+  if (service) logArgs.push(service);
+  runCompose(logArgs);
+}
+function cmdPull() {
+  console.log('Pulling latest FreeSchema images…');
+  runCompose(['pull']);
+  console.log('\nDone. Run `freeschema restart` to apply.');
+}
+function cmdDown() {
+  const withVolumes = args.includes('--volumes') || args.includes('-v');
+  if (withVolumes) {
+    console.log('Removing containers and volumes…');
+    runCompose(['down', '--volumes']);
+  } else {
+    console.log('Removing containers…');
+    runCompose(['down']);
+  }
+}
+function cmdHelp() {
+  console.log(`
+FreeSchema CLI v${VERSION}
+Usage:
+  freeschema <command> [options]
+Commands:
+  init                  Copy config files into the current directory
+  start                 Pull latest images and start all services
+    --local-db          Also start the bundled MySQL container
+    --local-mqtt        Also start the bundled MQTT broker
+  stop                  Stop all running services
+  restart [service]     Restart all services, or a single one
+  status                Show container status (docker compose ps)
+  logs [service]        Stream logs for all services, or one
+    --no-follow         Print logs without following
+  pull                  Pull latest Docker images without restarting
+  down [-v]             Remove containers (add -v to also remove volumes)
+Examples:
+  freeschema init
+  freeschema start --local-db --local-mqtt
+  freeschema logs wico-server
+  freeschema restart node-server
+  freeschema down -v
+`);
+}
+// ── dispatch ──────────────────────────────────────────────────────────────────
+switch (command) {
+  case 'init':    cmdInit();    break;
+  case 'start':   cmdStart();   break;
+  case 'stop':    cmdStop();    break;
+  case 'restart': cmdRestart(); break;
+  case 'status':  cmdStatus();  break;
+  case 'logs':    cmdLogs();    break;
+  case 'pull':    cmdPull();    break;
+  case 'down':    cmdDown();    break;
+  case '--version':
+  case '-v':
+    console.log(VERSION);
+    break;
+  case '--help':
+  case '-h':
+  case undefined:
+    cmdHelp();
+    break;
+  default:
+    console.error(`Unknown command: ${command}`);
+    cmdHelp();
+    process.exit(1);
+}

package/package.json ADDED Viewed

@@ -0,0 +1,18 @@
+{
+  "name": "freeschema",
+  "version": "1.0.0",
+  "description": "FreeSchema — self-hosted deployment CLI",
+  "keywords": ["freeschema", "self-hosted", "docker"],
+  "homepage": "https://freeschema.com",
+  "license": "MIT",
+  "bin": {
+    "freeschema": "./bin/freeschema.js"
+  },
+  "files": [
+    "bin/",
+    "templates/"
+  ],
+  "engines": {
+    "node": ">=16.0.0"
+  }
+}

package/templates/.env.example ADDED Viewed

@@ -0,0 +1,123 @@
+# ====================================
+# APPLICATION SETTINGS
+# ====================================
+JWT_SECRET=""
+LICENSE_KEY=
+MFTSCCS_AI_URL=
+WIDGETS={"documentationWidget":0}
+# ====================================
+# DATABASE CONFIGURATION
+# ====================================
+# Database Mode: "local" or "external"
+# - local: Use Docker MySQL container (requires --local-db flag)
+# - external: Use external MySQL server (AWS RDS, Azure, Google Cloud SQL, self-hosted)
+DB_MODE=local
+# ─────────────────────────────────────────────────────────────
+# ACTIVE DATABASE CONNECTION (Used by services)
+# ─────────────────────────────────────────────────────────────
+# === LOCAL MODE (default) ===
+DB_HOST=mysql-server
+DB_PORT=3306
+DB_USER=freeschema
+DB_PASSWORD=Freeschema@123
+DB_DATABASE=freeschema_db
+DB_SESSION_DATABASE=sessions_db
+# === EXTERNAL MODE (uncomment and modify when DB_MODE=external) ===
+# DB_HOST=your-external-db-host.com
+# DB_PORT=3306
+# DB_USER=your-db-user
+# DB_PASSWORD=your-db-password
+# DB_DATABASE=your-database-name
+# DB_SESSION_DATABASE=your-session-database
+# ─────────────────────────────────────────────────────────────
+# LOCAL DOCKER MYSQL SETTINGS
+# ─────────────────────────────────────────────────────────────
+MYSQL_PORT=3308
+MYSQL_ROOT_PASSWORD=Admin@Freeschema123
+MYSQL_USER=freeschema
+MYSQL_PASSWORD=Freeschema@123
+MYSQL_DATABASE=freeschema_db
+MYSQL_SESSION_DATABASE=sessions_db
+# MySQL Performance Settings
+MYSQL_MAX_CONNECTIONS=10000
+MYSQL_INNODB_BUFFER_POOL_SIZE=3G
+MYSQL_INNODB_LOG_BUFFER_SIZE=128M
+MYSQL_INNODB_REDO_LOG_CAPACITY=2G
+# ====================================
+# MQTT BROKER CONFIGURATION
+# ====================================
+MQTT_USERNAME=freeschema
+MQTT_PASSWORD=freeschema
+MQTT_HOST=localhost
+MQTT_PORT=1884
+MQTT_ALLOW_ANONYMOUS=true
+MQTT_PERSISTENCE=true
+# ====================================
+# SERVICE PORTS CONFIGURATION
+# ====================================
+ACCESS_CONTROL_PORT=7070
+WICO_PORT=7071
+NODE_SERVER_PORT=5051
+NODE_CACHE_SERVER_PORT=5055
+LOG_SERVER_PORT=5050
+NGINX_PORT=80
+NGINX_SSL_PORT=443
+CORS_ORIGIN=*
+# ====================================
+# FTP CONFIGURATION
+# ====================================
+FTP_IMAGE_UPLOAD_API_URL=
+FTP_SERVER_URL=
+FTP_USERNAME=
+FTP_PASSWORD=
+# ====================================
+# SMTP SETTINGS
+# ====================================
+SMTP_HOST=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_PORT=
+SMTP_FROM_ADDRESS=
+# ====================================
+# OAUTH & INTEGRATIONS
+# ====================================
+LINKEDIN_CLIENT_ID=""
+LINKEDIN_SECRET=""
+# ====================================
+# PAYMENT GATEWAY (STRIPE)
+# ====================================
+STRIPE_SECRET=""
+WEBHOOK_KEY=""
+STRIPE_TEST_SECRET=""
+WEBHOOK_TEST_KEY=""
+# ====================================
+# CACHE SERVERS
+# ====================================
+CACHE_SERVERS=[{"server":"http://localhost/cache-api","lat":40.7128,"lon":-74.0060}]
+# ====================================
+# ENVIRONMENT SETTINGS
+# ====================================
+NODE_ENV=production
+ASPNETCORE_ENVIRONMENT=Production
+DISABLE_SWAGGER=true
+# ====================================
+# CLIENT CREDENTIALS (Optional)
+# ====================================
+CLIENT_ID=
+CLIENT_SECRET=

package/templates/.env.frontend.example ADDED Viewed

@@ -0,0 +1,22 @@
+VITE_BASE_URL=/node-api/api/v1
+VITE_BASE_NODE_URL=/node-api
+VITE_BOOM_URL=/wico-api
+VITE_AI_URL=https://www.devai.freeschema.com/api
+VITE_CLIENT_ID=852081598920-nv82tkhbiiklg0790q12m8o7v1co9f7i.apps.googleusercontent.com
+VITE_LOGSERVER=/log-api
+VITE_ENABLE_SW=false
+VITE_ACCESS_CONTROL_URL=/access-control-api
+VITE_DISCUSSION_COMMUNITY=100000609
+VITE_AI_WIDGET=100000684
+VITE_VISUAL_PROTOTYPE_WIDGET=100000701
+VITE_VIDEO_TUTORIAL_WIDGET=100000712
+VITE_SUBSCRIPTION_ID=100000741
+VITE_DOCUMENTATION_PREVIEW_WIDGET=100000767
+VITE_FOLDER_WIDGET=100000812
+VITE_ASSETS_WIDGET=100000874
+VITE_TRANSFER_WIDGET=100000992
+VITE_DEPLOY_URL=
+VITE_AGENT_URL=https://wico-ai.freeschema.com
+VITE_BASE_ROUTE=/wico
+VITE_DEV_BASE=http://localhost:5173
+VITE_CDN_BASE=https://cdn.jsdelivr.net/gh/nischaldev/sleepinghats-cdn@master

package/templates/docker-compose.yml ADDED Viewed

@@ -0,0 +1,279 @@
+services:
+  mysql-init:
+    image: mysql:8.0
+    profiles:
+      - local-db
+    volumes:
+      - mysql-data:/var/lib/mysql
+    command: >
+      bash -c "
+        chown -R mysql:mysql /var/lib/mysql &&
+        chmod -R 755 /var/lib/mysql &&
+        echo 'MySQL volume permissions fixed'
+      "
+    restart: "no"
+  mysql:
+    image: mysql:8.0
+    container_name: ${CONTAINER_PREFIX:-}mysql-server
+    profiles:
+      - local-db
+    env_file:
+      - .env
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-Admin@Freeschema123}
+      MYSQL_DATABASE: ${MYSQL_DATABASE:-freeschema_db}
+      MYSQL_USER: ${MYSQL_USER:-freeschema}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-Freeschema@123}
+    ports:
+      - "${MYSQL_PORT:-3308}:3306"
+    volumes:
+      - mysql-data:/var/lib/mysql
+      - ./seed-db:/docker-entrypoint-initdb.d:ro
+      - ./my_custom.cnf:/etc/mysql/conf.d/my_custom.cnf:ro
+    networks:
+      - freeschema-network
+    restart: unless-stopped
+    depends_on:
+      - mysql-init
+    user: "999:999"
+    command: >
+      --default-authentication-plugin=mysql_native_password
+    healthcheck:
+      test: ["CMD-SHELL", "mysqladmin ping -h localhost -u${MYSQL_USER:-freeschema} -p${MYSQL_PASSWORD:-Freeschema@123} --silent"]
+      interval: 10s
+      retries: 60
+      start_period: 30s
+      timeout: 10s
+  mqtt-broker:
+    image: eclipse-mosquitto:2.0
+    container_name: ${CONTAINER_PREFIX:-}mqtt-broker
+    profiles:
+      - local-mqtt
+    ports:
+      - "${MQTT_EXTERNAL_PORT:-1884}:1883"
+    volumes:
+      - ./mosquitto/config:/mosquitto/config:ro
+      - ./mosquitto/data:/mosquitto/data
+      - ./mosquitto/log:/mosquitto/log
+    networks:
+      - freeschema-network
+    restart: unless-stopped
+  access-control-server:
+    image: mentorayush/access-control-server:latest
+    container_name: ${CONTAINER_PREFIX:-}access-control-server
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    env_file:
+      - .env
+    environment:
+      - FreeSchemaSetting__ConnectionSetting__DefaultConnection=server=${DB_HOST};port=${DB_PORT};user=${DB_USER};password=${DB_PASSWORD};database=${DB_DATABASE};AllowPublicKeyRetrieval=True;
+      - FreeSchemaSetting__ConnectionSetting__SessionConnection=server=${DB_HOST};port=${DB_PORT};user=${DB_USER};password=${DB_PASSWORD};database=${DB_SESSION_DATABASE};AllowPublicKeyRetrieval=True;
+      - FreeSchemaSetting__Broker__Mqtt__BrokerUrl=${MQTT_HOST}
+      - FreeSchemaSetting__Broker__Mqtt__Port=${MQTT_PORT}
+      - FreeSchemaSetting__Broker__Mqtt__Username=${MQTT_USERNAME}
+      - FreeSchemaSetting__Broker__Mqtt__Password=${MQTT_PASSWORD}
+      - FreeSchemaSetting__AccessControlBaseUrl=http://access-control-server:7000/api/
+    networks:
+      - freeschema-network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sI http://localhost:7000/health || exit 1"]
+      interval: 10s
+      retries: 5
+      start_period: 30s
+      timeout: 5s
+  wico-server:
+    image: mentorayush/wico-server:latest
+    container_name: ${CONTAINER_PREFIX:-}wico-server
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    env_file:
+      - .env
+    environment:
+      - FreeSchemaSetting__ConnectionSetting__DefaultConnection=server=${DB_HOST};port=${DB_PORT};user=${DB_USER};password=${DB_PASSWORD};database=${DB_DATABASE};AllowPublicKeyRetrieval=True;
+      - FreeSchemaSetting__ConnectionSetting__SessionConnection=server=${DB_HOST};port=${DB_PORT};user=${DB_USER};password=${DB_PASSWORD};database=${DB_SESSION_DATABASE};AllowPublicKeyRetrieval=True;
+      - FreeSchemaSetting__Broker__Type=Mqtt
+      - FreeSchemaSetting__Broker__Mqtt__BrokerUrl=${MQTT_HOST}
+      - FreeSchemaSetting__Broker__Mqtt__Port=${MQTT_PORT}
+      - FreeSchemaSetting__Broker__Mqtt__Username=${MQTT_USERNAME}
+      - FreeSchemaSetting__Broker__Mqtt__Password=${MQTT_PASSWORD}
+      - FreeSchemaSetting__AccessControlBaseUrl=http://access-control-server:7000/api/
+      - JWTSettings__SecretKey=${JWT_SECRET}
+      - ApiSettings__ftp__ImageUploadApiUrl=${FTP_IMAGE_UPLOAD_API_URL}
+      - ApiSettings__ftp__FtpServerUrl=${FTP_SERVER_URL}
+      - ApiSettings__ftp__FtpUsername=${FTP_USERNAME}
+      - ApiSettings__ftp__FtpPassword=${FTP_PASSWORD}
+      - SmtpSettings__SmtpHost=${SMTP_HOST}
+      - SmtpSettings__SmtpUsername=${SMTP_USERNAME}
+      - SmtpSettings__SmtpPassword=${SMTP_PASSWORD}
+      - SmtpSettings__SmtpPort=${SMTP_PORT}
+      - SmtpSettings__FromAddress=${SMTP_FROM_ADDRESS}
+      - ASPNETCORE_ENVIRONMENT=${ASPNETCORE_ENVIRONMENT:-Production}
+      - ASPNETCORE_URLS=http://+:7000
+    depends_on:
+      access-control-server:
+        condition: service_started
+    networks:
+      - freeschema-network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sI http://localhost:7000/health || exit 1"]
+      interval: 10s
+      retries: 5
+      start_period: 120s
+      timeout: 5s
+  node-server:
+    image: mentorayush/node-server:latest
+    container_name: ${CONTAINER_PREFIX:-}node-server
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    env_file:
+      - .env
+    environment:
+      - BASE_URL=http://wico-server:7000/api
+      - PORT=5000
+      - MFTSCCS_BASE_URL=http://wico-server:7000
+      - MQTT_BROKER=${MQTT_HOST}
+      - MQTT_PORT=${MQTT_PORT}
+      - MQTT_USERNAME=${MQTT_USERNAME}
+      - MQTT_PASSWORD=${MQTT_PASSWORD}
+      - ACCESS_CONTROL_BASE_URL=http://access-control-server:7000/api
+    restart: unless-stopped
+    volumes:
+      - node_server_logs:/app/logs
+    depends_on:
+      access-control-server:
+        condition: service_started
+      wico-server:
+        condition: service_started
+    networks:
+      - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sI http://localhost:5000/health || exit 1"]
+      interval: 1m30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
+  node-cache-server:
+    image: mentorayush/node-cache-server:latest
+    container_name: ${CONTAINER_PREFIX:-}node-cache-server
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    env_file:
+      - .env
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - DISABLE_SWAGGER=${DISABLE_SWAGGER:-true}
+      - BASE_URL=http://wico-server:7000/api
+      - PORT=5000
+      - MFTSCCS_BASE_URL=http://wico-server:7000
+      - MQTT_BROKER=${MQTT_HOST}
+      - MQTT_PORT=${MQTT_PORT}
+      - MQTT_USERNAME=${MQTT_USERNAME}
+      - MQTT_PASSWORD=${MQTT_PASSWORD}
+      - ACCESS_CONTROL_BASE_URL=http://access-control-server:7000/api
+    restart: unless-stopped
+    depends_on:
+      wico-server:
+        condition: service_started
+      access-control-server:
+        condition: service_started
+    networks:
+      - freeschema-network
+  log-server:
+    image: mentorayush/log-server:latest
+    container_name: ${CONTAINER_PREFIX:-}log-server
+    env_file:
+      - .env
+    environment:
+      - MFTSCCS_BASE_URL=http://wico-server:7000
+      - LOGPATH=/app/logs
+      - PORT=5000
+    restart: unless-stopped
+    volumes:
+      - logs_data:/app/logs
+      - anomaly_data:/app/anomalyData
+    depends_on:
+      access-control-server:
+        condition: service_started
+      wico-server:
+        condition: service_started
+    networks:
+      - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sI http://localhost:5000/health || exit 1"]
+      interval: 1m30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
+  vccs-app:
+    image: mentorayush/vccs-app:latest
+    container_name: ${CONTAINER_PREFIX:-}vccs-app
+    env_file:
+      - .env.frontend
+    volumes:
+      - ./nginx/vccs-app.conf:/etc/nginx/conf.d/default.conf:ro
+    restart: unless-stopped
+    depends_on:
+      - wico-server
+      - node-server
+    networks:
+      - freeschema-network
+  wico-app:
+    image: mentorayush/wico-app:latest
+    container_name: ${CONTAINER_PREFIX:-}wico-app
+    env_file:
+      - .env.frontend
+    volumes:
+      - ./nginx/wico-app.conf:/etc/nginx/conf.d/default.conf:ro
+    restart: unless-stopped
+    depends_on:
+      - wico-server
+      - node-server
+    networks:
+      - freeschema-network
+  nginx-server:
+    image: nginx:alpine
+    container_name: ${CONTAINER_PREFIX:-}nginx-server
+    restart: unless-stopped
+    ports:
+      - "${NGINX_PORT:-80}:80"
+    environment:
+      - CORS_ORIGIN=${CORS_ORIGIN:-*}
+    volumes:
+      - ./nginx/nginx.conf.template:/etc/nginx/templates/default.conf.template:ro
+    depends_on:
+      - wico-app
+      - vccs-app
+      - node-server
+      - node-cache-server
+      - log-server
+      - wico-server
+      - access-control-server
+    networks:
+      - freeschema-network
+networks:
+  freeschema-network:
+    driver: bridge
+volumes:
+  mysql-data:
+    driver: local
+  logs_data:
+    driver: local
+  anomaly_data:
+    driver: local
+  node_server_logs:
+    driver: local

package/templates/mosquitto/config/mosquitto.conf ADDED Viewed

@@ -0,0 +1,11 @@
+listener 1883
+allow_anonymous false
+password_file /mosquitto/config/password.txt
+listener 9001
+protocol websockets
+allow_anonymous false
+persistence true
+persistence_location /mosquitto/data/
+log_dest file /mosquitto/log/mosquitto.log

package/templates/my_custom.cnf ADDED Viewed

@@ -0,0 +1,54 @@
+[mysqld]
+bind-address = 0.0.0.0
+# Connection and timeout settings
+connect_timeout = 60
+wait_timeout = 28800
+interactive_timeout = 28800
+net_read_timeout = 120
+net_write_timeout = 120
+# Connection limits
+max_connections = 10000
+max_connect_errors = 100000
+# MyISAM Recovery
+myisam-recover-options = BACKUP
+# Replication Settings
+server-id = 1
+log_bin = mysql-bin
+binlog_format = row
+gtid_mode = ON
+enforce-gtid-consistency = ON
+log_replica_updates = ON
+max_binlog_size = 500M
+# InnoDB Performance
+innodb_buffer_pool_size = 3G
+innodb_log_buffer_size = 128M
+innodb_redo_log_capacity = 2G
+innodb_flush_log_at_trx_commit = 2
+# Buffer Sizes
+sort_buffer_size = 4M
+join_buffer_size = 4M
+read_buffer_size = 1M
+read_rnd_buffer_size = 1M
+tmp_table_size = 64M
+max_heap_table_size = 64M
+# Logging
+log_error = /var/lib/mysql/error.log
+slow_query_log = 1
+slow_query_log_file = /var/lib/mysql/mysql-slow.log
+# Character set
+character-set-server = utf8mb4
+collation-server = utf8mb4_unicode_ci
+# SQL mode
+sql_mode = "ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"
+expire_logs_days = 7
+sync_binlog = 1

package/templates/nginx/nginx.conf.template ADDED Viewed

@@ -0,0 +1,330 @@
+# ================================
+# WebSocket connection upgrade map
+# ================================
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+# ================================
+# Route /images/ & /icons/ to the correct frontend app based on Referer
+# ================================
+map $http_referer $assets_backend {
+    ~*/vccs/    vccs-app;
+    default     wico-app;
+}
+# ================================
+# Main server — HTTP only (SSL handled by external reverse proxy)
+# ================================
+server {
+    listen 80;
+    server_name _;
+    # ── Security Headers ─────────────────────────────────────
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    # ── Hide Upstream CORS Header ─────────────────────────────────────
+    proxy_hide_header Access-Control-Allow-Origin;
+    # ── General Settings ─────────────────────────────────────
+    client_max_body_size 50M;
+    # ── Docker DNS (required for variable-based proxy_pass) ─
+    resolver 127.0.0.11 valid=30s;
+    # ── Gzip Compression ─────────────────────────────────────
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_min_length 256;
+    gzip_types
+        text/plain
+        text/css
+        text/javascript
+        application/javascript
+        application/json
+        application/xml
+        image/svg+xml;
+    # -----------------------------
+    # Health Check (IMPORTANT for HA)
+    # -----------------------------
+    location /health {
+        return 200 "OK";
+        add_header Content-Type text/plain;
+    }
+    # ================================
+    # FRONTEND APPS
+    # ================================
+    location ^~ /images/ {
+        proxy_pass http://$assets_backend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    location ^~ /icons/ {
+        proxy_pass http://$assets_backend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    location ^~ /vccs/ {
+        proxy_pass http://vccs-app:80/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+    # ================================
+    # API ROUTING
+    # ================================
+    location /socket {
+        proxy_pass http://node-server:5000;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_read_timeout 86400;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+    location /api/v1 {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://node-server:5000;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /webhook {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://node-server:5000;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /api {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://wico-server:7000;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    # ================================
+    # WICO-API PREFIX ROUTING
+    # ================================
+    location /wico-api/socket {
+        proxy_pass http://node-server:5000/socket;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_read_timeout 86400;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+    location /wico-api/api/v1 {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://node-server:5000/api/v1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /wico-api/webhook {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://node-server:5000/webhook;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /wico-api/api {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://wico-server:7000/api;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    # ================================
+    # SERVICE-SPECIFIC PREFIX ROUTES
+    # ================================
+    location /access-control-api/ {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://access-control-server:7000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /node-api/ {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://node-server:5000/;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /wico-api/ {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://wico-server:7000/;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /cache-api/ {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://node-cache-server:5000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /log-api/ {
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Session-Id' always;
+            add_header 'Access-Control-Max-Age' 86400 always;
+            return 204;
+        }
+        add_header 'Access-Control-Allow-Origin' '${CORS_ORIGIN}' always;
+        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
+        proxy_pass http://log-server:5000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+    # ================================
+    # WICO APP — Main domain (catch-all)
+    # ================================
+    location / {
+        proxy_pass http://wico-app:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}

package/templates/nginx/vccs-app.conf ADDED Viewed

@@ -0,0 +1,21 @@
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  location / {
+    try_files $uri /index.html;
+  }
+  location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+    expires 1y;
+    add_header Cache-Control "public, immutable";
+  }
+  gzip on;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+  client_max_body_size 10M;
+}

package/templates/nginx/wico-app.conf ADDED Viewed

@@ -0,0 +1,21 @@
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  location / {
+    try_files $uri /index.html;
+  }
+  location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+    expires 1y;
+    add_header Cache-Control "public, immutable";
+  }
+  gzip on;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+  client_max_body_size 10M;
+}