From efd648a9a659d592dfca525ab3ee9976c395bf14 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Thu, 12 Feb 2026 14:56:11 +0300 Subject: [PATCH 1/9] NOISSUE - Fix local dev startup issues and harden config management Fixes #180, #181, #179, partially addresses #178 Changes: - Disable attested TLS for local dev (make up) to prevent proxy crash when cert files don't exist (fixes #180 - proxy "is a directory" error) - Keep attested TLS enabled for cloud deployments (make up-cloud) - Expose UI port 6193 directly to host for local dev (fixes #181) - Add missing environment variables to silence warnings (fixes #179): * SMQ_AUTH_LOGIN_TOKEN_DURATION * Optional services variables (groups, channels, clients) - Replace fragile backup/restore pattern with git checkout to prevent stale backups from clobbering newly added environment variables - Remove restore-cloud-config from down targets to fix "invalid hostPort: __TRAEFIK_HTTP_PORT__" error (partially fixes #178) - Fix dependency ordering so git checkout runs before enable-guardrails and config-backend to avoid clobbering their changes - Decouple deploy-cloud workflow from local-dev make targets to prevent config-cloud-local from overwriting secrets with localhost defaults - Add missing Google OAuth placeholder replacements in deploy workflow Signed-off-by: WashingtonKK --- .github/workflows/deploy-cloud.yaml | 9 ++++- Makefile | 34 ++++++++--------- docker/.env | 57 +++++++++++++++++------------ docker/config.json | 6 +-- docker/supermq-compose.yaml | 2 + 5 files changed, 61 insertions(+), 47 deletions(-) diff --git a/.github/workflows/deploy-cloud.yaml b/.github/workflows/deploy-cloud.yaml index 94e8387..36372d4 100644 --- a/.github/workflows/deploy-cloud.yaml +++ b/.github/workflows/deploy-cloud.yaml @@ -99,6 +99,11 @@ jobs: sed -i "s|__CUBE_PUBLIC_URL__|${{ secrets.CUBE_PUBLIC_URL }}|g" docker/.env sed -i "s|__CUBE_INTERNAL_AGENT_URL__|${{ secrets.CUBE_INTERNAL_AGENT_URL }}|g" docker/.env + # Replace Google OAuth placeholders + sed -i "s|__SMQ_GOOGLE_CLIENT_ID__|${{ secrets.SMQ_GOOGLE_CLIENT_ID }}|g" docker/.env + sed -i "s|__SMQ_GOOGLE_CLIENT_SECRET__|${{ secrets.SMQ_GOOGLE_CLIENT_SECRET }}|g" docker/.env + sed -i "s|__SMQ_GOOGLE_STATE__|${{ secrets.SMQ_GOOGLE_STATE }}|g" docker/.env + # Replace Traefik configuration placeholders sed -i "s|__TRAEFIK_HTTP_PORT__|${{ secrets.TRAEFIK_HTTP_PORT }}|g" docker/.env sed -i "s|__TRAEFIK_HTTPS_PORT__|${{ secrets.TRAEFIK_HTTPS_PORT }}|g" docker/.env @@ -111,10 +116,10 @@ jobs: docker compose -f docker/compose.yaml --profile cloud pull 2>&1 echo "Stopping existing services" - make down-cloud 2>&1 + docker compose -f docker/compose.yaml --profile cloud down 2>&1 echo "Starting cloud services" - make up-cloud 2>&1 + docker compose -f docker/compose.yaml --profile cloud up -d 2>&1 echo "Waiting for services to start (30 seconds)..." sleep 30 diff --git a/Makefile b/Makefile index 6f2a5b7..79fbb30 100644 --- a/Makefile +++ b/Makefile @@ -155,8 +155,18 @@ up-vllm: config-vllm @echo "Starting Cube with vLLM backend..." docker compose -f docker/compose.yaml --profile vllm up -d +.PHONY: disable-atls +disable-atls: + @echo "Disabling attested TLS for local development..." + @sed -i 's|^UV_CUBE_AGENT_CLIENT_CERT=.*|UV_CUBE_AGENT_CLIENT_CERT=|' docker/.env + @sed -i 's|^UV_CUBE_AGENT_CLIENT_KEY=.*|UV_CUBE_AGENT_CLIENT_KEY=|' docker/.env + @sed -i 's|^UV_CUBE_AGENT_SERVER_CA_CERTS=.*|UV_CUBE_AGENT_SERVER_CA_CERTS=|' docker/.env + @sed -i 's|^UV_CUBE_AGENT_ATTESTED_TLS=.*|UV_CUBE_AGENT_ATTESTED_TLS=false|' docker/.env + @sed -i 's|^UV_CUBE_AGENT_ATTESTATION_POLICY=.*|UV_CUBE_AGENT_ATTESTATION_POLICY=|' docker/.env + @echo "✓ Attested TLS disabled" + .PHONY: up -up: enable-guardrails config-backend config-cloud-local +up: config-cloud-local enable-guardrails config-backend disable-atls ifeq ($(AI_BACKEND),vllm) @$(MAKE) up-vllm else @@ -164,7 +174,7 @@ else endif .PHONY: up-disable-guardrails -up-disable-guardrails: disable-guardrails config-backend config-cloud-local +up-disable-guardrails: config-cloud-local disable-guardrails config-backend disable-atls ifeq ($(AI_BACKEND),vllm) @$(MAKE) up-vllm else @@ -174,9 +184,7 @@ endif .PHONY: config-cloud-local config-cloud-local: @echo "Configuring cloud deployment for local environment..." - @cp docker/.env docker/.env.backup 2>/dev/null || true - @cp docker/traefik/dynamic.toml docker/traefik/dynamic.toml.backup 2>/dev/null || true - @cp docker/config.json docker/config.json.backup 2>/dev/null || true + @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null || true @sed -i 's|__SMQ_EMAIL_HOST__|localhost|g' docker/.env @sed -i 's|__SMQ_EMAIL_PORT__|1025|g' docker/.env @sed -i 's|__SMQ_EMAIL_USERNAME__|test|g' docker/.env @@ -197,18 +205,8 @@ config-cloud-local: .PHONY: restore-cloud-config restore-cloud-config: @echo "Restoring cloud deployment placeholders..." - @if [ -f docker/.env.backup ]; then \ - mv docker/.env.backup docker/.env; \ - echo "✓ Restored .env"; \ - fi - @if [ -f docker/traefik/dynamic.toml.backup ]; then \ - mv docker/traefik/dynamic.toml.backup docker/traefik/dynamic.toml; \ - echo "✓ Restored dynamic.toml"; \ - fi - @if [ -f docker/config.json.backup ]; then \ - mv docker/config.json.backup docker/config.json; \ - echo "✓ Restored config.json"; \ - fi + @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null && \ + echo "✓ Restored from git" || echo "⚠ git restore failed, files may not be tracked" .PHONY: up-cloud up-cloud: config-cloud-local @@ -237,7 +235,6 @@ down: down-cloud: @echo "Stopping Cube Cloud services..." docker compose -f docker/compose.yaml --profile cloud down - @$(MAKE) restore-cloud-config .PHONY: down-volumes down-volumes: @@ -248,7 +245,6 @@ down-volumes: down-cloud-volumes: @echo "Stopping Cube Cloud services and removing volumes..." docker compose -f docker/compose.yaml --profile cloud down -v - @$(MAKE) restore-cloud-config .PHONY: restart restart: down up diff --git a/docker/.env b/docker/.env index 0740a29..490f17a 100644 --- a/docker/.env +++ b/docker/.env @@ -52,6 +52,7 @@ SMQ_AUTH_SECRET_KEY="ZA4vBf79fy6mrvQD2XnMqc4vNB9WDz" SMQ_AUTH_ACCESS_TOKEN_DURATION="1h" SMQ_AUTH_REFRESH_TOKEN_DURATION="24h" SMQ_AUTH_INVITATION_DURATION="168h" +SMQ_AUTH_LOGIN_TOKEN_DURATION= SMQ_AUTH_ADAPTER_INSTANCE_ID= SMQ_AUTH_URL=http://auth:8189 SMQ_AUTH_KEYS_ALGORITHM="EdDSA" @@ -159,26 +160,26 @@ SMQ_ALLOW_UNVERIFIED_USER=true SMQ_USERS_DELETE_INTERVAL=24h SMQ_USERS_DELETE_AFTER=720h SMQ_USERS_URL=http://users:9002 -SMQ_PASSWORD_RESET_URL_PREFIX=__CUBE_PUBLIC_URL__/password-reset +SMQ_PASSWORD_RESET_URL_PREFIX=localhost/password-reset SMQ_PASSWORD_RESET_EMAIL_TEMPLATE=password-reset.tmpl -SMQ_VERIFICATION_URL_PREFIX=__CUBE_PUBLIC_URL__/api/verify-email +SMQ_VERIFICATION_URL_PREFIX=localhost/api/verify-email SMQ_VERIFICATION_EMAIL_TEMPLATE=verification.tmpl ### Google OAuth2 -SMQ_GOOGLE_CLIENT_ID=__SMQ_GOOGLE_CLIENT_ID__ -SMQ_GOOGLE_CLIENT_SECRET=__SMQ_GOOGLE_CLIENT_SECRET__ -SMQ_GOOGLE_REDIRECT_URL=https://__CUBE_PUBLIC_URL__/oauth/callback/google -SMQ_GOOGLE_STATE=__SMQ_GOOGLE_STATE__ -SMQ_OAUTH_UI_REDIRECT_URL=https://__CUBE_PUBLIC_URL__/api/auth/token -SMQ_OAUTH_UI_ERROR_URL=https://__CUBE_PUBLIC_URL__/login +SMQ_GOOGLE_CLIENT_ID= +SMQ_GOOGLE_CLIENT_SECRET= +SMQ_GOOGLE_REDIRECT_URL=https://localhost/oauth/callback/google +SMQ_GOOGLE_STATE= +SMQ_OAUTH_UI_REDIRECT_URL=https://localhost/api/auth/token +SMQ_OAUTH_UI_ERROR_URL=https://localhost/login ### Email utility -SMQ_EMAIL_HOST=__SMQ_EMAIL_HOST__ -SMQ_EMAIL_PORT=__SMQ_EMAIL_PORT__ -SMQ_EMAIL_USERNAME=__SMQ_EMAIL_USERNAME__ -SMQ_EMAIL_PASSWORD=__SMQ_EMAIL_PASSWORD__ -SMQ_EMAIL_FROM_ADDRESS=__SMQ_EMAIL_FROM_ADDRESS__ +SMQ_EMAIL_HOST=localhost +SMQ_EMAIL_PORT=1025 +SMQ_EMAIL_USERNAME=test +SMQ_EMAIL_PASSWORD=test +SMQ_EMAIL_FROM_ADDRESS=noreply@localhost SMQ_EMAIL_FROM_NAME=Cube AI SMQ_EMAIL_TEMPLATE=email.tmpl @@ -191,7 +192,7 @@ UV_CUBE_PROXY_HOST=0.0.0.0 UV_CUBE_PROXY_PORT=8900 UV_CUBE_PROXY_SERVER_CERT= UV_CUBE_PROXY_SERVER_KEY= -UV_CUBE_AGENT_URL=__CUBE_INTERNAL_AGENT_URL__ +UV_CUBE_AGENT_URL=http://cube-agent:8901 UV_CUBE_PROXY_INSTANCE_ID= UV_CUBE_PROXY_ROUTER_CONFIG=/etc/cube/proxy/config.json @@ -217,11 +218,11 @@ UV_CUBE_AGENT_SERVER_KEY= UV_CUBE_AGENT_INSTANCE_ID= # Agent mTLS Configuration (for proxy to agent communication) -UV_CUBE_AGENT_CLIENT_CERT=/etc/cube/certs/client.crt -UV_CUBE_AGENT_CLIENT_KEY=/etc/cube/certs/client.key -UV_CUBE_AGENT_SERVER_CA_CERTS=/etc/cube/certs/ca.pem -UV_CUBE_AGENT_ATTESTED_TLS=true -UV_CUBE_AGENT_ATTESTATION_POLICY=/etc/cube/tdx_policy.json +UV_CUBE_AGENT_CLIENT_CERT= +UV_CUBE_AGENT_CLIENT_KEY= +UV_CUBE_AGENT_SERVER_CA_CERTS= +UV_CUBE_AGENT_ATTESTED_TLS=false +UV_CUBE_AGENT_ATTESTATION_POLICY= UV_CUBE_AGENT_PRODUCT_NAME=Milan #UI @@ -233,7 +234,7 @@ UV_CUBE_PUBLIC_BASE_PATH=/ MG_UI_TYPE=cube-ai UV_CUBE_UI_NEXTAUTH_SECRET="cZAcFIdjxebC1XDULvfoXs_sO7ufCTRo3hW2lXtMoCvcSKkTyP" # change IP address to your local IP address -UV_CUBE_NEXTAUTH_URL=https://__CUBE_PUBLIC_URL__ +UV_CUBE_NEXTAUTH_URL=https://localhost UV_CUBE_UI_DOCKER_ACCEPT_EULA=yes UV_CUBE_NODE_ENV= @@ -257,6 +258,16 @@ UV_GUARDRAILS_DB_PASS=guardrails UV_GUARDRAILS_DB_NAME=guardrails ## Traefik Configuration -TRAEFIK_HTTP_PORT=__TRAEFIK_HTTP_PORT__ -TRAEFIK_HTTPS_PORT=__TRAEFIK_HTTPS_PORT__ -TRAEFIK_DASHBOARD_PORT=__TRAEFIK_DASHBOARD_PORT__ +TRAEFIK_HTTP_PORT=49210 +TRAEFIK_HTTPS_PORT=49211 +TRAEFIK_DASHBOARD_PORT=49212 + +## Optional Services (Groups, Channels, Clients) +## These variables are referenced by the domains service but the services may not be deployed +SMQ_GROUPS_GRPC_URL= +SMQ_GROUPS_GRPC_TIMEOUT= +SMQ_CHANNELS_URL= +SMQ_CHANNELS_GRPC_URL= +SMQ_CHANNELS_GRPC_TIMEOUT= +SMQ_CLIENTS_GRPC_URL= +SMQ_CLIENTS_GRPC_TIMEOUT= diff --git a/docker/config.json b/docker/config.json index cd192f2..32a8bb4 100644 --- a/docker/config.json +++ b/docker/config.json @@ -3,7 +3,7 @@ "routes": [ { "name": "guardrails-agent", - "target_url": "__CUBE_INTERNAL_AGENT_URL__", + "target_url": "http://cube-agent:8901", "matchers": [ { "condition": "header", @@ -16,7 +16,7 @@ }, { "name": "attestation", - "target_url": "__CUBE_INTERNAL_AGENT_URL__", + "target_url": "http://cube-agent:8901", "matchers": [ { "condition": "path", @@ -71,7 +71,7 @@ }, { "name": "agent", - "target_url": "__CUBE_INTERNAL_AGENT_URL__", + "target_url": "http://cube-agent:8901", "default_rule": true, "enabled": true } diff --git a/docker/supermq-compose.yaml b/docker/supermq-compose.yaml index 5527111..88e9d07 100644 --- a/docker/supermq-compose.yaml +++ b/docker/supermq-compose.yaml @@ -318,6 +318,8 @@ services: - domains networks: - cube-network + ports: + - ${UI_PORT}:${UI_PORT} environment: PORT: ${UI_PORT} RUNTIME_ENV: ${UV_RUNTIME_ENV} From acb9e9e86f035b21264792ec5a38426b537967fd Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 13:10:35 +0300 Subject: [PATCH 2/9] NOISSUE - Restore placeholders in .env and config.json Revert placeholder replacements that were committed but should remain as placeholders for secret/environment-specific values: - Email configuration placeholders - Google OAuth placeholders - Public URL placeholders - Agent URL placeholders - Traefik port placeholders - Agent mTLS certificate paths These placeholders are replaced at deployment time by: - config-cloud-local target (for local dev) - deploy-cloud.yaml workflow (for cloud deployment) Keep only the intentional additions: - SMQ_AUTH_LOGIN_TOKEN_DURATION variable (issue #179) - Optional services variables section (issue #179) Signed-off-by: Washington Oganda --- docker/.env | 46 +++++++++++++++++++++++----------------------- docker/config.json | 6 +++--- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/docker/.env b/docker/.env index 490f17a..01130f3 100644 --- a/docker/.env +++ b/docker/.env @@ -160,26 +160,26 @@ SMQ_ALLOW_UNVERIFIED_USER=true SMQ_USERS_DELETE_INTERVAL=24h SMQ_USERS_DELETE_AFTER=720h SMQ_USERS_URL=http://users:9002 -SMQ_PASSWORD_RESET_URL_PREFIX=localhost/password-reset +SMQ_PASSWORD_RESET_URL_PREFIX=__CUBE_PUBLIC_URL__/password-reset SMQ_PASSWORD_RESET_EMAIL_TEMPLATE=password-reset.tmpl -SMQ_VERIFICATION_URL_PREFIX=localhost/api/verify-email +SMQ_VERIFICATION_URL_PREFIX=__CUBE_PUBLIC_URL__/api/verify-email SMQ_VERIFICATION_EMAIL_TEMPLATE=verification.tmpl ### Google OAuth2 -SMQ_GOOGLE_CLIENT_ID= -SMQ_GOOGLE_CLIENT_SECRET= -SMQ_GOOGLE_REDIRECT_URL=https://localhost/oauth/callback/google -SMQ_GOOGLE_STATE= -SMQ_OAUTH_UI_REDIRECT_URL=https://localhost/api/auth/token -SMQ_OAUTH_UI_ERROR_URL=https://localhost/login +SMQ_GOOGLE_CLIENT_ID=__SMQ_GOOGLE_CLIENT_ID__ +SMQ_GOOGLE_CLIENT_SECRET=__SMQ_GOOGLE_CLIENT_SECRET__ +SMQ_GOOGLE_REDIRECT_URL=https://__CUBE_PUBLIC_URL__/oauth/callback/google +SMQ_GOOGLE_STATE=__SMQ_GOOGLE_STATE__ +SMQ_OAUTH_UI_REDIRECT_URL=https://__CUBE_PUBLIC_URL__/api/auth/token +SMQ_OAUTH_UI_ERROR_URL=https://__CUBE_PUBLIC_URL__/login ### Email utility -SMQ_EMAIL_HOST=localhost -SMQ_EMAIL_PORT=1025 -SMQ_EMAIL_USERNAME=test -SMQ_EMAIL_PASSWORD=test -SMQ_EMAIL_FROM_ADDRESS=noreply@localhost +SMQ_EMAIL_HOST=__SMQ_EMAIL_HOST__ +SMQ_EMAIL_PORT=__SMQ_EMAIL_PORT__ +SMQ_EMAIL_USERNAME=__SMQ_EMAIL_USERNAME__ +SMQ_EMAIL_PASSWORD=__SMQ_EMAIL_PASSWORD__ +SMQ_EMAIL_FROM_ADDRESS=__SMQ_EMAIL_FROM_ADDRESS__ SMQ_EMAIL_FROM_NAME=Cube AI SMQ_EMAIL_TEMPLATE=email.tmpl @@ -192,7 +192,7 @@ UV_CUBE_PROXY_HOST=0.0.0.0 UV_CUBE_PROXY_PORT=8900 UV_CUBE_PROXY_SERVER_CERT= UV_CUBE_PROXY_SERVER_KEY= -UV_CUBE_AGENT_URL=http://cube-agent:8901 +UV_CUBE_AGENT_URL=__CUBE_INTERNAL_AGENT_URL__ UV_CUBE_PROXY_INSTANCE_ID= UV_CUBE_PROXY_ROUTER_CONFIG=/etc/cube/proxy/config.json @@ -218,11 +218,11 @@ UV_CUBE_AGENT_SERVER_KEY= UV_CUBE_AGENT_INSTANCE_ID= # Agent mTLS Configuration (for proxy to agent communication) -UV_CUBE_AGENT_CLIENT_CERT= -UV_CUBE_AGENT_CLIENT_KEY= -UV_CUBE_AGENT_SERVER_CA_CERTS= -UV_CUBE_AGENT_ATTESTED_TLS=false -UV_CUBE_AGENT_ATTESTATION_POLICY= +UV_CUBE_AGENT_CLIENT_CERT=/etc/cube/certs/client.crt +UV_CUBE_AGENT_CLIENT_KEY=/etc/cube/certs/client.key +UV_CUBE_AGENT_SERVER_CA_CERTS=/etc/cube/certs/ca.pem +UV_CUBE_AGENT_ATTESTED_TLS=true +UV_CUBE_AGENT_ATTESTATION_POLICY=/etc/cube/tdx_policy.json UV_CUBE_AGENT_PRODUCT_NAME=Milan #UI @@ -234,7 +234,7 @@ UV_CUBE_PUBLIC_BASE_PATH=/ MG_UI_TYPE=cube-ai UV_CUBE_UI_NEXTAUTH_SECRET="cZAcFIdjxebC1XDULvfoXs_sO7ufCTRo3hW2lXtMoCvcSKkTyP" # change IP address to your local IP address -UV_CUBE_NEXTAUTH_URL=https://localhost +UV_CUBE_NEXTAUTH_URL=https://__CUBE_PUBLIC_URL__ UV_CUBE_UI_DOCKER_ACCEPT_EULA=yes UV_CUBE_NODE_ENV= @@ -258,9 +258,9 @@ UV_GUARDRAILS_DB_PASS=guardrails UV_GUARDRAILS_DB_NAME=guardrails ## Traefik Configuration -TRAEFIK_HTTP_PORT=49210 -TRAEFIK_HTTPS_PORT=49211 -TRAEFIK_DASHBOARD_PORT=49212 +TRAEFIK_HTTP_PORT=__TRAEFIK_HTTP_PORT__ +TRAEFIK_HTTPS_PORT=__TRAEFIK_HTTPS_PORT__ +TRAEFIK_DASHBOARD_PORT=__TRAEFIK_DASHBOARD_PORT__ ## Optional Services (Groups, Channels, Clients) ## These variables are referenced by the domains service but the services may not be deployed diff --git a/docker/config.json b/docker/config.json index 32a8bb4..cd192f2 100644 --- a/docker/config.json +++ b/docker/config.json @@ -3,7 +3,7 @@ "routes": [ { "name": "guardrails-agent", - "target_url": "http://cube-agent:8901", + "target_url": "__CUBE_INTERNAL_AGENT_URL__", "matchers": [ { "condition": "header", @@ -16,7 +16,7 @@ }, { "name": "attestation", - "target_url": "http://cube-agent:8901", + "target_url": "__CUBE_INTERNAL_AGENT_URL__", "matchers": [ { "condition": "path", @@ -71,7 +71,7 @@ }, { "name": "agent", - "target_url": "http://cube-agent:8901", + "target_url": "__CUBE_INTERNAL_AGENT_URL__", "default_rule": true, "enabled": true } From 8cefae6b466c6356a5945b6a69f869bd46026144 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 14:31:42 +0300 Subject: [PATCH 3/9] NOISSUE - Fix down-volumes and add missing CUBE_AI_PROXY_URL - Fix down-volumes target to stop all services including cloud and vllm profiles instead of only default profile - Add CUBE_AI_PROXY_URL variable to .env (renamed from CUBE_AI_ATTESTATION_URL in commit d5e66a9) to fix docker-compose warning Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- Makefile | 2 +- docker/.env | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 79fbb30..865178d 100644 --- a/Makefile +++ b/Makefile @@ -239,7 +239,7 @@ down-cloud: .PHONY: down-volumes down-volumes: @echo "Stopping all Cube services and removing volumes..." - docker compose -f docker/compose.yaml down -v + docker compose -f docker/compose.yaml --profile cloud --profile vllm down -v .PHONY: down-cloud-volumes down-cloud-volumes: diff --git a/docker/.env b/docker/.env index 01130f3..6961b36 100644 --- a/docker/.env +++ b/docker/.env @@ -249,6 +249,7 @@ UV_CUBE_UI_LLM_DEFAULT_MODEL=tinyllama:1.1b # UI Attestation Configuration CUBE_AI_ATTESTATION_URL=http://cube-proxy:${UV_CUBE_PROXY_PORT} +CUBE_AI_PROXY_URL=http://cube-proxy:${UV_CUBE_PROXY_PORT} ## Guardrails DB UV_GUARDRAILS_DB_HOST=cube-guardrails-db From a67eec6fb59cfe7a6f70e73e80bbb0cedef39ff7 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 15:10:18 +0300 Subject: [PATCH 4/9] NOISSUE - Remove unused cloud targets and update README - Remove make up-cloud, down-cloud, down-cloud-volumes, and restart-cloud targets (not used by deploy-cloud.yaml workflow) - Keep logs-cloud target (used by workflow for debugging) - Update README.md to reflect local dev vs cloud deployment: * Document direct UI access on port 6193 * Update all API examples to use https://localhost:49211 * Clarify cloud deployment uses GitHub Actions workflow * Remove references to make up-cloud Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- Makefile | 31 ------------------------------- README.md | 46 +++++++++++++++++++++++++++++++--------------- 2 files changed, 31 insertions(+), 46 deletions(-) diff --git a/Makefile b/Makefile index 865178d..ce49938 100644 --- a/Makefile +++ b/Makefile @@ -208,44 +208,16 @@ restore-cloud-config: @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null && \ echo "✓ Restored from git" || echo "⚠ git restore failed, files may not be tracked" -.PHONY: up-cloud -up-cloud: config-cloud-local - @echo "Starting Cube Cloud services with local configuration..." - @mkdir -p docker/traefik/ssl/certs docker/traefik/letsencrypt - @if [ ! -f docker/traefik/ssl/certs/acme.json ]; then \ - printf '{}' > docker/traefik/ssl/certs/acme.json; \ - chmod 600 docker/traefik/ssl/certs/acme.json; \ - echo "✓ Created acme.json"; \ - fi - docker compose -f docker/compose.yaml --profile cloud up -d - @echo "" - @echo "=== Cube Cloud Services Started ===" - @echo " - UI: http://localhost:49210/" - @echo " - Proxy API: http://localhost:49210/proxy" - @echo " - Traefik Dashboard: http://localhost:49212" - @echo "" - @echo "Note: Run 'make restore-cloud-config' to restore placeholders after stopping" - .PHONY: down down: @echo "Stopping all Cube services..." docker compose -f docker/compose.yaml down -.PHONY: down-cloud -down-cloud: - @echo "Stopping Cube Cloud services..." - docker compose -f docker/compose.yaml --profile cloud down - .PHONY: down-volumes down-volumes: @echo "Stopping all Cube services and removing volumes..." docker compose -f docker/compose.yaml --profile cloud --profile vllm down -v -.PHONY: down-cloud-volumes -down-cloud-volumes: - @echo "Stopping Cube Cloud services and removing volumes..." - docker compose -f docker/compose.yaml --profile cloud down -v - .PHONY: restart restart: down up @@ -255,9 +227,6 @@ restart-ollama: down up-ollama .PHONY: restart-vllm restart-vllm: down up-vllm -.PHONY: restart-cloud -restart-cloud: down-cloud up-cloud - .PHONY: logs logs: docker compose -f docker/compose.yaml logs -f diff --git a/README.md b/README.md index 879afc1..ff59578 100644 --- a/README.md +++ b/README.md @@ -84,22 +84,28 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T # Local development with vLLM make up-vllm - # Cloud deployment (configures traefik for cloud ports) - make up-cloud - # Stop services make down - # Stop services and remove volumes + # Stop services and remove volumes (includes all profiles) make down-volumes ``` + **Local Development Access:** + - UI: http://localhost:6193 + - Traefik Gateway: https://localhost:49211 + - Traefik Dashboard: http://localhost:49212 + + **Cloud Deployment:** + Cloud deployment is automated via GitHub Actions workflow (`.github/workflows/deploy-cloud.yaml`). + The workflow handles configuration, secret injection, and service deployment automatically. + 3. **Get your authentication token** All API requests require JWT authentication. Once services are running, obtain a token: ```bash - curl -ksSiX POST https://localhost/users/tokens/issue \ + curl -ksSiX POST https://localhost:49211/users/tokens/issue \ -H "Content-Type: application/json" \ -d '{ "username": "admin@example.com", @@ -121,7 +127,7 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T All API requests require a domain ID in the URL path. You can fetch a domain ID from the UI or create one via the API: ```bash - curl -ksSiX POST https://localhost/domains \ + curl -ksSiX POST https://localhost:49211/domains \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -d '{ @@ -163,14 +169,14 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T List available models (replace `YOUR_DOMAIN_ID` with the domain ID from step 4): ```bash - curl -k https://localhost/proxy/YOUR_DOMAIN_ID/v1/models \ + curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/v1/models \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` 6. **Make your first AI request** ```bash - curl -k https://localhost/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ + curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -d '{ @@ -188,9 +194,17 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T Cube AI exposes all services through a Traefik reverse proxy. All protected endpoints require the `Authorization: Bearer ` header with a valid JWT token. +**Local Development Access:** +- Via Traefik HTTPS: `https://localhost:49211` (recommended) +- Direct UI access: `http://localhost:6193` + +**Cloud Deployment Access:** +- Via Traefik HTTPS: `https://your-domain.com` + ### Proxy Endpoints (OpenAI-Compatible) -**Base URL:** `https://localhost/proxy/` +**Base URL (Local):** `https://localhost:49211/proxy/` +**Base URL (Cloud):** `https://your-domain.com/proxy/` Replace `{domainID}` with your domain ID from the Getting Started section. @@ -219,19 +233,20 @@ Example: ```bash # OpenAI-compatible endpoint -curl -k https://localhost/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ +curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{"model":"tinyllama:1.1b","messages":[{"role":"user","content":"Hello"}]}' # Ollama API endpoint -curl -k https://localhost/proxy/YOUR_DOMAIN_ID/api/tags \ +curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/api/tags \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` ### Auth Endpoints -**Base URL:** `https://localhost/users` +**Base URL (Local):** `https://localhost:49211/users` +**Base URL (Cloud):** `https://your-domain.com/users` | Method | Path | Description | |--------|-------------------------------|----------------------------------------| @@ -244,7 +259,7 @@ curl -k https://localhost/proxy/YOUR_DOMAIN_ID/api/tags \ Example: ```bash -curl -ksSiX POST https://localhost/users/tokens/issue \ +curl -ksSiX POST https://localhost:49211/users/tokens/issue \ -H "Content-Type: application/json" \ -d '{ "username": "admin@example.com", @@ -254,7 +269,8 @@ curl -ksSiX POST https://localhost/users/tokens/issue \ ### Domains Endpoints -**Base URL:** `https://localhost/domains` +**Base URL (Local):** `https://localhost:49211/domains` +**Base URL (Cloud):** `https://your-domain.com/domains` | Method | Path | Description | |--------|-------------------------------|----------------------------------------| @@ -269,7 +285,7 @@ curl -ksSiX POST https://localhost/users/tokens/issue \ Example: ```bash -curl -ksSiX POST https://localhost/domains \ +curl -ksSiX POST https://localhost:49211/domains \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -d '{ From 9894f6affa3027e05ed96686c90c110ff42763c4 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 15:34:38 +0300 Subject: [PATCH 5/9] NOISSUE - Use standard Traefik ports for local dev - Configure local dev to use standard ports (80, 443, 8080) - Cloud deployment continues using custom ports from secrets - Update all README examples to use https://localhost instead of :49211 - Local: Traefik on 80/443, Dashboard on 8080 - Cloud: Traefik on custom ports from GitHub secrets Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- Makefile | 6 +++--- README.md | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index ce49938..1898b80 100644 --- a/Makefile +++ b/Makefile @@ -197,9 +197,9 @@ config-cloud-local: @sed -i 's|__SMQ_GOOGLE_CLIENT_SECRET__||g' docker/.env @sed -i 's|__SMQ_GOOGLE_STATE__||g' docker/.env @sed -i 's|__CUBE_PUBLIC_URL__|localhost|g' docker/.env - @sed -i 's|^TRAEFIK_HTTP_PORT=.*|TRAEFIK_HTTP_PORT=49210|g' docker/.env - @sed -i 's|^TRAEFIK_HTTPS_PORT=.*|TRAEFIK_HTTPS_PORT=49211|g' docker/.env - @sed -i 's|^TRAEFIK_DASHBOARD_PORT=.*|TRAEFIK_DASHBOARD_PORT=49212|g' docker/.env + @sed -i 's|^TRAEFIK_HTTP_PORT=.*|TRAEFIK_HTTP_PORT=80|g' docker/.env + @sed -i 's|^TRAEFIK_HTTPS_PORT=.*|TRAEFIK_HTTPS_PORT=443|g' docker/.env + @sed -i 's|^TRAEFIK_DASHBOARD_PORT=.*|TRAEFIK_DASHBOARD_PORT=8080|g' docker/.env @echo "✓ Configured with local defaults" .PHONY: restore-cloud-config diff --git a/README.md b/README.md index ff59578..ce26064 100644 --- a/README.md +++ b/README.md @@ -93,8 +93,8 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T **Local Development Access:** - UI: http://localhost:6193 - - Traefik Gateway: https://localhost:49211 - - Traefik Dashboard: http://localhost:49212 + - Traefik Gateway: https://localhost (port 443) + - Traefik Dashboard: http://localhost:8080 **Cloud Deployment:** Cloud deployment is automated via GitHub Actions workflow (`.github/workflows/deploy-cloud.yaml`). @@ -105,7 +105,7 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T All API requests require JWT authentication. Once services are running, obtain a token: ```bash - curl -ksSiX POST https://localhost:49211/users/tokens/issue \ + curl -ksSiX POST https://localhost/users/tokens/issue \ -H "Content-Type: application/json" \ -d '{ "username": "admin@example.com", @@ -127,7 +127,7 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T All API requests require a domain ID in the URL path. You can fetch a domain ID from the UI or create one via the API: ```bash - curl -ksSiX POST https://localhost:49211/domains \ + curl -ksSiX POST https://localhost/domains \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -d '{ @@ -169,14 +169,14 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T List available models (replace `YOUR_DOMAIN_ID` with the domain ID from step 4): ```bash - curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/v1/models \ + curl -k https://localhost/proxy/YOUR_DOMAIN_ID/v1/models \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` 6. **Make your first AI request** ```bash - curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ + curl -k https://localhost/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -d '{ @@ -195,7 +195,7 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T Cube AI exposes all services through a Traefik reverse proxy. All protected endpoints require the `Authorization: Bearer ` header with a valid JWT token. **Local Development Access:** -- Via Traefik HTTPS: `https://localhost:49211` (recommended) +- Via Traefik HTTPS: `https://localhost` (port 443, recommended) - Direct UI access: `http://localhost:6193` **Cloud Deployment Access:** @@ -203,7 +203,7 @@ Cube AI exposes all services through a Traefik reverse proxy. All protected endp ### Proxy Endpoints (OpenAI-Compatible) -**Base URL (Local):** `https://localhost:49211/proxy/` +**Base URL (Local):** `https://localhost/proxy/` **Base URL (Cloud):** `https://your-domain.com/proxy/` Replace `{domainID}` with your domain ID from the Getting Started section. @@ -233,19 +233,19 @@ Example: ```bash # OpenAI-compatible endpoint -curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ +curl -k https://localhost/proxy/YOUR_DOMAIN_ID/v1/chat/completions \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{"model":"tinyllama:1.1b","messages":[{"role":"user","content":"Hello"}]}' # Ollama API endpoint -curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/api/tags \ +curl -k https://localhost/proxy/YOUR_DOMAIN_ID/api/tags \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` ### Auth Endpoints -**Base URL (Local):** `https://localhost:49211/users` +**Base URL (Local):** `https://localhost/users` **Base URL (Cloud):** `https://your-domain.com/users` | Method | Path | Description | @@ -259,7 +259,7 @@ curl -k https://localhost:49211/proxy/YOUR_DOMAIN_ID/api/tags \ Example: ```bash -curl -ksSiX POST https://localhost:49211/users/tokens/issue \ +curl -ksSiX POST https://localhost/users/tokens/issue \ -H "Content-Type: application/json" \ -d '{ "username": "admin@example.com", @@ -269,7 +269,7 @@ curl -ksSiX POST https://localhost:49211/users/tokens/issue \ ### Domains Endpoints -**Base URL (Local):** `https://localhost:49211/domains` +**Base URL (Local):** `https://localhost/domains` **Base URL (Cloud):** `https://your-domain.com/domains` | Method | Path | Description | @@ -285,7 +285,7 @@ curl -ksSiX POST https://localhost:49211/users/tokens/issue \ Example: ```bash -curl -ksSiX POST https://localhost:49211/domains \ +curl -ksSiX POST https://localhost/domains \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -d '{ From c8fbbe30bfe5c12c461add1f61c8c7d17601e8b9 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 15:38:44 +0300 Subject: [PATCH 6/9] refactor makefile Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- Makefile | 16 ++++++++-------- README.md | 8 +++----- docker/.env | 10 ---------- docker/supermq-compose.yaml | 2 -- 4 files changed, 11 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index 1898b80..87a7787 100644 --- a/Makefile +++ b/Makefile @@ -166,7 +166,7 @@ disable-atls: @echo "✓ Attested TLS disabled" .PHONY: up -up: config-cloud-local enable-guardrails config-backend disable-atls +up: config-local enable-guardrails config-backend disable-atls ifeq ($(AI_BACKEND),vllm) @$(MAKE) up-vllm else @@ -181,9 +181,9 @@ else @$(MAKE) up-ollama endif -.PHONY: config-cloud-local -config-cloud-local: - @echo "Configuring cloud deployment for local environment..." +.PHONY: config-local +config-local: + @echo "Configuring for local development..." @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null || true @sed -i 's|__SMQ_EMAIL_HOST__|localhost|g' docker/.env @sed -i 's|__SMQ_EMAIL_PORT__|1025|g' docker/.env @@ -202,9 +202,9 @@ config-cloud-local: @sed -i 's|^TRAEFIK_DASHBOARD_PORT=.*|TRAEFIK_DASHBOARD_PORT=8080|g' docker/.env @echo "✓ Configured with local defaults" -.PHONY: restore-cloud-config -restore-cloud-config: - @echo "Restoring cloud deployment placeholders..." +.PHONY: restore-config +restore-config: + @echo "Restoring configuration placeholders..." @git checkout -- docker/.env docker/traefik/dynamic.toml docker/config.json 2>/dev/null && \ echo "✓ Restored from git" || echo "⚠ git restore failed, files may not be tracked" @@ -310,7 +310,7 @@ help: @echo "" @echo "Cloud Configuration Commands:" @echo " config-cloud-local Configure cloud deployment with localhost defaults" - @echo " restore-cloud-config Restore placeholder values in cloud config files" + @echo " restore-config Restore placeholder values in config files" @echo "" @echo "Logs:" @echo " logs Show all logs" diff --git a/README.md b/README.md index ce26064..7e7f35d 100644 --- a/README.md +++ b/README.md @@ -92,9 +92,8 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T ``` **Local Development Access:** - - UI: http://localhost:6193 - - Traefik Gateway: https://localhost (port 443) - - Traefik Dashboard: http://localhost:8080 + - Traefik Gateway: https://localhost (ports 80/443) + - All services accessible through Traefik reverse proxy **Cloud Deployment:** Cloud deployment is automated via GitHub Actions workflow (`.github/workflows/deploy-cloud.yaml`). @@ -195,8 +194,7 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T Cube AI exposes all services through a Traefik reverse proxy. All protected endpoints require the `Authorization: Bearer ` header with a valid JWT token. **Local Development Access:** -- Via Traefik HTTPS: `https://localhost` (port 443, recommended) -- Direct UI access: `http://localhost:6193` +- Via Traefik HTTPS: `https://localhost` (port 443) **Cloud Deployment Access:** - Via Traefik HTTPS: `https://your-domain.com` diff --git a/docker/.env b/docker/.env index 6961b36..a392d9a 100644 --- a/docker/.env +++ b/docker/.env @@ -262,13 +262,3 @@ UV_GUARDRAILS_DB_NAME=guardrails TRAEFIK_HTTP_PORT=__TRAEFIK_HTTP_PORT__ TRAEFIK_HTTPS_PORT=__TRAEFIK_HTTPS_PORT__ TRAEFIK_DASHBOARD_PORT=__TRAEFIK_DASHBOARD_PORT__ - -## Optional Services (Groups, Channels, Clients) -## These variables are referenced by the domains service but the services may not be deployed -SMQ_GROUPS_GRPC_URL= -SMQ_GROUPS_GRPC_TIMEOUT= -SMQ_CHANNELS_URL= -SMQ_CHANNELS_GRPC_URL= -SMQ_CHANNELS_GRPC_TIMEOUT= -SMQ_CLIENTS_GRPC_URL= -SMQ_CLIENTS_GRPC_TIMEOUT= diff --git a/docker/supermq-compose.yaml b/docker/supermq-compose.yaml index 88e9d07..5527111 100644 --- a/docker/supermq-compose.yaml +++ b/docker/supermq-compose.yaml @@ -318,8 +318,6 @@ services: - domains networks: - cube-network - ports: - - ${UI_PORT}:${UI_PORT} environment: PORT: ${UI_PORT} RUNTIME_ENV: ${UV_RUNTIME_ENV} From d2af35f25a4f2655b96112494152678e8f97ff44 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 16:29:24 +0300 Subject: [PATCH 7/9] refactor makefile Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- Makefile | 2 +- README.md | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 87a7787..cee5842 100644 --- a/Makefile +++ b/Makefile @@ -216,7 +216,7 @@ down: .PHONY: down-volumes down-volumes: @echo "Stopping all Cube services and removing volumes..." - docker compose -f docker/compose.yaml --profile cloud --profile vllm down -v + docker compose -f docker/compose.yaml down -v .PHONY: restart restart: down up diff --git a/README.md b/README.md index 7e7f35d..5b74976 100644 --- a/README.md +++ b/README.md @@ -95,10 +95,6 @@ Cube AI uses TEEs to protect user data and AI models from unauthorized access. T - Traefik Gateway: https://localhost (ports 80/443) - All services accessible through Traefik reverse proxy - **Cloud Deployment:** - Cloud deployment is automated via GitHub Actions workflow (`.github/workflows/deploy-cloud.yaml`). - The workflow handles configuration, secret injection, and service deployment automatically. - 3. **Get your authentication token** All API requests require JWT authentication. Once services are running, obtain a token: From e0ecde8b8ce9552c498d87c6b3d3a86fddde1a04 Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 16:40:44 +0300 Subject: [PATCH 8/9] refactor makefile Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- docker/.env | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker/.env b/docker/.env index a392d9a..2ee52fa 100644 --- a/docker/.env +++ b/docker/.env @@ -262,3 +262,12 @@ UV_GUARDRAILS_DB_NAME=guardrails TRAEFIK_HTTP_PORT=__TRAEFIK_HTTP_PORT__ TRAEFIK_HTTPS_PORT=__TRAEFIK_HTTPS_PORT__ TRAEFIK_DASHBOARD_PORT=__TRAEFIK_DASHBOARD_PORT__ + +## Optional Services (not deployed in Cube, but referenced by domains service) +SMQ_GROUPS_GRPC_URL= +SMQ_GROUPS_GRPC_TIMEOUT= +SMQ_CHANNELS_URL= +SMQ_CHANNELS_GRPC_URL= +SMQ_CHANNELS_GRPC_TIMEOUT= +SMQ_CLIENTS_GRPC_URL= +SMQ_CLIENTS_GRPC_TIMEOUT= From 4c04fc36ba7395ea2671733a644a94c48bfb6d0c Mon Sep 17 00:00:00 2001 From: WashingtonKK Date: Fri, 13 Feb 2026 16:43:04 +0300 Subject: [PATCH 9/9] refactor makefile Signed-off-by: Washington Oganda Signed-off-by: WashingtonKK --- docker/.env | 9 --------- docker/supermq-compose.yaml | 16 ---------------- 2 files changed, 25 deletions(-) diff --git a/docker/.env b/docker/.env index 2ee52fa..a392d9a 100644 --- a/docker/.env +++ b/docker/.env @@ -262,12 +262,3 @@ UV_GUARDRAILS_DB_NAME=guardrails TRAEFIK_HTTP_PORT=__TRAEFIK_HTTP_PORT__ TRAEFIK_HTTPS_PORT=__TRAEFIK_HTTPS_PORT__ TRAEFIK_DASHBOARD_PORT=__TRAEFIK_DASHBOARD_PORT__ - -## Optional Services (not deployed in Cube, but referenced by domains service) -SMQ_GROUPS_GRPC_URL= -SMQ_GROUPS_GRPC_TIMEOUT= -SMQ_CHANNELS_URL= -SMQ_CHANNELS_GRPC_URL= -SMQ_CHANNELS_GRPC_TIMEOUT= -SMQ_CLIENTS_GRPC_URL= -SMQ_CLIENTS_GRPC_TIMEOUT= diff --git a/docker/supermq-compose.yaml b/docker/supermq-compose.yaml index 5527111..7359ea5 100644 --- a/docker/supermq-compose.yaml +++ b/docker/supermq-compose.yaml @@ -424,22 +424,6 @@ services: SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} - SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} - SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} - SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} - SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} - SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} - SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} - SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} - SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} - SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} - SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} - SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} - SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL} - SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT} - SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} - SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key} - SMQ_CLIENTS_GRPC_R_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM} SMQ_AUTH_JWKS_URL: ${SMQ_AUTH_JWKS_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}