mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-21 06:51:13 +00:00
Oleksandr Bezdieniezhnykh
c74a2339aa
Kestrel with HttpProtocols.Http1AndHttp2 on a plaintext listener silently downgrades to HTTP/1.1-only (logs "HTTP/2 is not enabled ... TLS is not enabled"), so AC-5's multiplexed-GET test failed with HTTP_1_1_REQUIRED. ALPN cannot run over plaintext, so the fix switches the dev listener to TLS on https://+:8080: - scripts/run-tests.sh generates a self-signed dev cert idempotently (./certs/api.pfx + api.crt) via openssl in an alpine container; certs/ is gitignored. - docker-compose.yml binds Kestrel to ASPNETCORE_URLS=https://+:8080 with Kestrel__Certificates__Default__Path bound to the .pfx. - docker-compose.tests.yml mounts api.crt into the integration-tests container's CA store and runs update-ca-certificates so HttpClient trusts the cert transparently; default API_URL is now https://api:8080. - Drop the obsolete Http2UnencryptedSupport AppContext switch from Http2MultiplexingTests; ALPN over TLS handles negotiation. Test-data fixes caught on the post-TLS rerun (independent of the TLS switch but surfaced together): - Http2MultiplexingTests: switch slippy coords from (154321, 95812) -- which Google Maps returns 404 for -- to (158485, 91707), the slippy projection of (47.461747, 37.647063) already exercised by JwtIntegrationTests. - TileInventoryTests + LeafletPathIndexOnlyTests: SpecifyKind to Unspecified at the binding site for raw Npgsql seed paths writing into tiles.captured_at / created_at / updated_at (TIMESTAMP without tz). Npgsql v6+ refuses Kind=Utc into plain timestamp columns; production goes through Dapper and never hits this code path. - MigrationTests Az503NewUniqueIndexCoversIntegerKeyAndFlightId: accept either idx_tiles_location_hash (migration 014) or its AZ-505 successor tiles_leaflet_path (migration 015) -- both have location_hash as the leading column, which is the AC-9 intent. Docs updated to reflect the TLS+ALPN path: tile-inventory.md Non-Goals, modules/api_program.md, module-layout.md, the AZ-505 task spec's Risk 3, and the cycle 6 implementation + completeness reports. The full integration test suite passes (mode=full, exit 0). Co-authored-by: Cursor <cursoragent@cursor.com>
54 lines
1.7 KiB
YAML
54 lines
1.7 KiB
YAML
services:
|
|
postgres:
|
|
image: postgres:16
|
|
container_name: satellite-provider-postgres
|
|
environment:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: satelliteprovider
|
|
ports:
|
|
- "5432:5432"
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
api:
|
|
build:
|
|
context: .
|
|
dockerfile: SatelliteProvider.Api/Dockerfile
|
|
container_name: satellite-provider-api
|
|
ports:
|
|
- "18980:8080"
|
|
- "18981:8081"
|
|
# AZ-505 AC-5: HTTPS is required for HTTP/2 via ALPN (Kestrel silently
|
|
# disables HTTP/2 on plaintext endpoints). The cert is self-signed,
|
|
# dev-only — generated by scripts/run-tests.sh and gitignored under
|
|
# ./certs/. The integration-tests container installs the matching
|
|
# public cert into its OS CA store so every HttpClient trusts it.
|
|
environment:
|
|
- ASPNETCORE_ENVIRONMENT=Development
|
|
- ASPNETCORE_URLS=https://+:8080
|
|
- ASPNETCORE_Kestrel__Certificates__Default__Path=/app/certs/api.pfx
|
|
- ASPNETCORE_Kestrel__Certificates__Default__Password=satellite-dev-cert
|
|
- ConnectionStrings__DefaultConnection=Host=postgres;Port=5432;Database=satelliteprovider;Username=postgres;Password=postgres
|
|
- MapConfig__ApiKey=${GOOGLE_MAPS_API_KEY}
|
|
- JWT_SECRET=${JWT_SECRET}
|
|
- JWT_ISSUER=${JWT_ISSUER}
|
|
- JWT_AUDIENCE=${JWT_AUDIENCE}
|
|
volumes:
|
|
- ./tiles:/app/tiles
|
|
- ./ready:/app/ready
|
|
- ./logs:/app/logs
|
|
- ./certs/api.pfx:/app/certs/api.pfx:ro
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
|
|
volumes:
|
|
postgres_data:
|
|
|