refactor: JobEngine cleanup + crypto compose refactor + sprint plans + timeline merge prep

- Remove zombie JobEngine WebService (no container runs it)
- Remove dangling STELLAOPS_JOBENGINE_URL, replace with RELEASE_ORCHESTRATOR_URL
- Update Timeline audit paths to release-orchestrator
- Extract smremote to docker-compose.crypto-provider.smremote.yml
- Rename crypto compose files for consistent naming
- Add crypto provider health probe API (CP-001) + tenant preferences (CP-002)
- Create sprint plans: crypto picker, VulnExplorer merge, scheduler plugins
- Timeline merge prep: ingestion worker relocated to infrastructure lib

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -52,11 +52,19 @@ Consolidated Docker Compose configuration for the StellaOps platform. All profil
|
||||
|
||||
### Crypto Provider Overlays
|
||||
|
||||
Each crypto provider is an optional compose overlay:
|
||||
- `docker-compose.crypto-provider.smremote.yml` -- Chinese ShangMi (SM2/SM3/SM4) microservice (extracted from main stack)
|
||||
- `docker-compose.crypto-provider.cryptopro.yml` -- Russian GOST via CryptoPro CSP
|
||||
- `docker-compose.crypto-provider.crypto-sim.yml` -- Universal crypto simulator for dev/test
|
||||
|
||||
Usage: `docker compose -f docker-compose.stella-ops.yml -f docker-compose.crypto-provider.smremote.yml up -d`
|
||||
|
||||
| File | Purpose | Use Case |
|
||||
|------|---------|----------|
|
||||
| `docker-compose.crypto-sim.yml` | Universal crypto simulation | Testing without licensed crypto |
|
||||
| `docker-compose.cryptopro.yml` | CryptoPro CSP (real GOST) | Production Russia deployments |
|
||||
| `docker-compose.sm-remote.yml` | SM Remote service (real SM2) | Production China deployments |
|
||||
| `docker-compose.crypto-provider.smremote.yml` | SmRemote microservice (SM2/SM3/SM4) | China deployments (router-integrated) |
|
||||
| `docker-compose.crypto-provider.cryptopro.yml` | CryptoPro CSP (real GOST) | Production Russia deployments |
|
||||
| `docker-compose.crypto-provider.crypto-sim.yml` | Universal crypto simulation | Testing without licensed crypto |
|
||||
| `docker-compose.sm-remote.yml` | Standalone SM Remote with HSM support | China production with OSCCA-certified HSM |
|
||||
|
||||
### Additional Overlays
|
||||
|
||||
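Review bot: The new "Crypto Provider Overlays" list names three overlays, but the table under it has a fourth row, `docker-compose.sm-remote.yml`, which keeps the old unprefixed name next to the near-identical `docker-compose.crypto-provider.smremote.yml`. Either bring the standalone HSM file under the `crypto-provider.` prefix as well or add a sentence saying when to pick each one. The smremote row's use case also lost the word "Production" (it now reads "China deployments (router-integrated)"), so the table no longer says which file a certified production deployment should load.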
@@ -435,17 +443,17 @@ PLAYWRIGHT_BASE_URL=https://stella-ops.local \
|
||||
```bash
|
||||
docker compose -f docker-compose.stella-ops.yml \
|
||||
-f docker-compose.compliance-china.yml \
|
||||
-f docker-compose.crypto-sim.yml up -d
|
||||
-f docker-compose.crypto-provider.crypto-sim.yml up -d
|
||||
```
|
||||
|
||||
**For Production (real SM crypto):**
|
||||
```bash
|
||||
docker compose -f docker-compose.stella-ops.yml \
|
||||
-f docker-compose.compliance-china.yml \
|
||||
-f docker-compose.sm-remote.yml up -d
|
||||
-f docker-compose.crypto-provider.smremote.yml up -d
|
||||
```
|
||||
|
||||
**With OSCCA-certified HSM:**
|
||||
**With standalone SM Remote + OSCCA-certified HSM:**
|
||||
```bash
|
||||
# Set HSM connection details in environment
|
||||
export SM_REMOTE_HSM_URL="https://sm-hsm.example.com:8900"
|
||||
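Review bot: In the "For Production (real SM crypto)" block the last `-f` argument changes from `docker-compose.sm-remote.yml` to `docker-compose.crypto-provider.smremote.yml`, while the old file name stays in use for the "standalone SM Remote + OSCCA-certified HSM" case, so this swaps the overlay operators load rather than only renaming it. Add a short migration note for anyone already running the old production command, stating whether they should switch files or stay on the standalone one.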
@@ -469,7 +477,7 @@ docker compose -f docker-compose.stella-ops.yml \
|
||||
```bash
|
||||
docker compose -f docker-compose.stella-ops.yml \
|
||||
-f docker-compose.compliance-russia.yml \
|
||||
-f docker-compose.crypto-sim.yml up -d
|
||||
-f docker-compose.crypto-provider.crypto-sim.yml up -d
|
||||
```
|
||||
|
||||
**For Production (CryptoPro CSP):**
|
||||
@@ -477,7 +485,7 @@ docker compose -f docker-compose.stella-ops.yml \
|
||||
# CryptoPro requires EULA acceptance
|
||||
CRYPTOPRO_ACCEPT_EULA=1 docker compose -f docker-compose.stella-ops.yml \
|
||||
-f docker-compose.compliance-russia.yml \
|
||||
-f docker-compose.cryptopro.yml up -d
|
||||
-f docker-compose.crypto-provider.cryptopro.yml up -d
|
||||
```
|
||||
|
||||
**Requirements for CryptoPro:**
|
||||
@@ -498,7 +506,7 @@ CRYPTOPRO_ACCEPT_EULA=1 docker compose -f docker-compose.stella-ops.yml \
|
||||
```bash
|
||||
docker compose -f docker-compose.stella-ops.yml \
|
||||
-f docker-compose.compliance-eu.yml \
|
||||
-f docker-compose.crypto-sim.yml up -d
|
||||
-f docker-compose.crypto-provider.crypto-sim.yml up -d
|
||||
```
|
||||
|
||||
**For Production:**
|
||||
@@ -518,7 +526,7 @@ docker compose -f docker-compose.stella-ops.yml \
|
||||
|
||||
## Crypto Simulation Details
|
||||
|
||||
The `docker-compose.crypto-sim.yml` overlay provides a unified simulation service for all sovereign crypto profiles:
|
||||
The `docker-compose.crypto-provider.crypto-sim.yml` overlay provides a unified simulation service for all sovereign crypto profiles:
|
||||
|
||||
| Algorithm ID | Simulation | Use Case |
|
||||
|--------------|------------|----------|
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# With CryptoPro CSP:
|
||||
# docker compose -f devops/compose/docker-compose.stella-ops.yml \
|
||||
# -f devops/compose/docker-compose.compliance-russia.yml \
|
||||
# -f devops/compose/docker-compose.cryptopro.yml up -d
|
||||
# -f devops/compose/docker-compose.crypto-provider.cryptopro.yml up -d
|
||||
#
|
||||
# Cryptography:
|
||||
# - GOST R 34.10-2012: Digital signature
|
||||
|
||||
@@ -1,119 +0,0 @@
|
||||
# =============================================================================
|
||||
# STELLA OPS - CRYPTO SIMULATION OVERLAY
|
||||
# =============================================================================
|
||||
# Universal crypto simulation service for testing sovereign crypto without
|
||||
# licensed hardware or certified modules.
|
||||
#
|
||||
# This overlay provides the sim-crypto-service which simulates:
|
||||
# - GOST R 34.10-2012 (Russia): GOST12-256, GOST12-512, ru.magma.sim, ru.kuznyechik.sim
|
||||
# - SM2/SM3/SM4 (China): SM2, sm.sim, sm2.sim
|
||||
# - Post-Quantum: DILITHIUM3, FALCON512, pq.sim
|
||||
# - FIPS/eIDAS/KCMVP: fips.sim, eidas.sim, kcmvp.sim, world.sim
|
||||
#
|
||||
# Usage with China compliance:
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-china.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
#
|
||||
# Usage with Russia compliance:
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-russia.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
#
|
||||
# Usage with EU compliance:
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-eu.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
#
|
||||
# IMPORTANT: This is for TESTING/DEVELOPMENT ONLY.
|
||||
# - Uses deterministic HMAC-SHA256 for SM/GOST/PQ (not real algorithms)
|
||||
# - Uses static ECDSA P-256 key for FIPS/eIDAS/KCMVP
|
||||
# - NOT suitable for production or compliance certification
|
||||
#
|
||||
# =============================================================================
|
||||
|
||||
x-crypto-sim-labels: &crypto-sim-labels
|
||||
com.stellaops.component: "crypto-sim"
|
||||
com.stellaops.profile: "simulation"
|
||||
com.stellaops.production: "false"
|
||||
|
||||
x-sim-crypto-env: &sim-crypto-env
|
||||
STELLAOPS_CRYPTO_ENABLE_SIM: "1"
|
||||
STELLAOPS_CRYPTO_SIM_URL: "http://sim-crypto:8080"
|
||||
|
||||
networks:
|
||||
stellaops:
|
||||
external: true
|
||||
name: stellaops
|
||||
|
||||
services:
|
||||
# ---------------------------------------------------------------------------
|
||||
# Sim Crypto Service - Universal sovereign crypto simulator
|
||||
# ---------------------------------------------------------------------------
|
||||
sim-crypto:
|
||||
build:
|
||||
context: ../services/crypto/sim-crypto-service
|
||||
dockerfile: Dockerfile
|
||||
image: registry.stella-ops.org/stellaops/sim-crypto:dev
|
||||
container_name: stellaops-sim-crypto
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
||||
ASPNETCORE_ENVIRONMENT: "Development"
|
||||
ports:
|
||||
- "${SIM_CRYPTO_PORT:-18090}:8080"
|
||||
networks:
|
||||
- stellaops
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080/keys"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
labels: *crypto-sim-labels
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Override services to use sim-crypto
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
# Authority - Enable sim crypto
|
||||
authority:
|
||||
environment:
|
||||
<<: *sim-crypto-env
|
||||
labels:
|
||||
com.stellaops.crypto.simulator: "enabled"
|
||||
|
||||
# Signer - Enable sim crypto
|
||||
signer:
|
||||
environment:
|
||||
<<: *sim-crypto-env
|
||||
labels:
|
||||
com.stellaops.crypto.simulator: "enabled"
|
||||
|
||||
# Attestor - Enable sim crypto
|
||||
attestor:
|
||||
environment:
|
||||
<<: *sim-crypto-env
|
||||
labels:
|
||||
com.stellaops.crypto.simulator: "enabled"
|
||||
|
||||
# Scanner Web - Enable sim crypto
|
||||
scanner-web:
|
||||
environment:
|
||||
<<: *sim-crypto-env
|
||||
labels:
|
||||
com.stellaops.crypto.simulator: "enabled"
|
||||
|
||||
# Scanner Worker - Enable sim crypto
|
||||
scanner-worker:
|
||||
environment:
|
||||
<<: *sim-crypto-env
|
||||
labels:
|
||||
com.stellaops.crypto.simulator: "enabled"
|
||||
|
||||
# Excititor - Enable sim crypto
|
||||
excititor:
|
||||
environment:
|
||||
<<: *sim-crypto-env
|
||||
labels:
|
||||
com.stellaops.crypto.simulator: "enabled"
|
||||
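Review bot: The `sim-crypto` port mapping in this file, `"${SIM_CRYPTO_PORT:-18090}:8080"`, has no host address, so Docker publishes it on all host interfaces by default, and the header states that the service uses a static ECDSA P-256 key and the container runs with `ASPNETCORE_ENVIRONMENT: "Development"`. The file is deleted here and its replacement `docker-compose.crypto-provider.crypto-sim.yml` is not shown on this page, so please confirm the new file binds the port to a loopback address, as the main stack does for its services (for example `"127.1.0.23:80:80"`), and that it keeps the "TESTING/DEVELOPMENT ONLY" header and the `com.stellaops.production: "false"` label. Any script that still passes `-f docker-compose.crypto-sim.yml` will fail after this deletion, which deserves a line in the release notes.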
@@ -1,149 +0,0 @@
|
||||
# =============================================================================
|
||||
# STELLA OPS - CRYPTOPRO CSP OVERLAY (Russia)
|
||||
# =============================================================================
|
||||
# CryptoPro CSP licensed provider overlay for compliance-russia.yml.
|
||||
# Adds real CryptoPro CSP service for certified GOST R 34.10-2012 operations.
|
||||
#
|
||||
# IMPORTANT: Requires EULA acceptance before use.
|
||||
#
|
||||
# Usage (MUST be combined with stella-ops AND compliance-russia):
|
||||
# CRYPTOPRO_ACCEPT_EULA=1 docker compose \
|
||||
# -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-russia.yml \
|
||||
# -f docker-compose.cryptopro.yml up -d
|
||||
#
|
||||
# For development/testing without CryptoPro license, use crypto-sim.yml instead:
|
||||
# docker compose \
|
||||
# -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-russia.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
#
|
||||
# Requirements:
|
||||
# - CryptoPro CSP license files in opt/cryptopro/downloads/
|
||||
# - CRYPTOPRO_ACCEPT_EULA=1 environment variable
|
||||
# - CryptoPro container images with GOST engine
|
||||
#
|
||||
# GOST Algorithms Provided:
|
||||
# - GOST R 34.10-2012: Digital signature (256/512-bit)
|
||||
# - GOST R 34.11-2012: Hash function (Streebog, 256/512-bit)
|
||||
# - GOST R 34.12-2015: Block cipher (Kuznyechik, Magma)
|
||||
#
|
||||
# =============================================================================
|
||||
|
||||
x-cryptopro-labels: &cryptopro-labels
|
||||
com.stellaops.component: "cryptopro-csp"
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
com.stellaops.crypto.profile: "russia"
|
||||
com.stellaops.crypto.certified: "true"
|
||||
|
||||
x-cryptopro-env: &cryptopro-env
|
||||
STELLAOPS_CRYPTO_PROVIDERS: "cryptopro.gost"
|
||||
STELLAOPS_CRYPTO_CRYPTOPRO_URL: "http://cryptopro-csp:8080"
|
||||
STELLAOPS_CRYPTO_CRYPTOPRO_ENABLED: "true"
|
||||
|
||||
networks:
|
||||
stellaops:
|
||||
external: true
|
||||
name: stellaops
|
||||
|
||||
services:
|
||||
# ---------------------------------------------------------------------------
|
||||
# CryptoPro CSP - Certified GOST cryptography provider
|
||||
# ---------------------------------------------------------------------------
|
||||
cryptopro-csp:
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: devops/services/cryptopro/linux-csp-service/Dockerfile
|
||||
args:
|
||||
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
||||
image: registry.stella-ops.org/stellaops/cryptopro-csp:2025.10.0
|
||||
container_name: stellaops-cryptopro-csp
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
||||
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
||||
# GOST algorithm configuration
|
||||
CRYPTOPRO_GOST_SIGNATURE_ALGORITHM: "GOST R 34.10-2012"
|
||||
CRYPTOPRO_GOST_HASH_ALGORITHM: "GOST R 34.11-2012"
|
||||
# Container and key store settings
|
||||
CRYPTOPRO_CONTAINER_NAME: "${CRYPTOPRO_CONTAINER_NAME:-stellaops-signing}"
|
||||
CRYPTOPRO_USE_MACHINE_STORE: "${CRYPTOPRO_USE_MACHINE_STORE:-true}"
|
||||
CRYPTOPRO_PROVIDER_TYPE: "${CRYPTOPRO_PROVIDER_TYPE:-80}"
|
||||
volumes:
|
||||
- ../../opt/cryptopro/downloads:/opt/cryptopro/downloads:ro
|
||||
- ../../etc/cryptopro:/app/etc/cryptopro:ro
|
||||
# Optional: Mount key containers
|
||||
- cryptopro-keys:/var/opt/cprocsp/keys
|
||||
ports:
|
||||
- "${CRYPTOPRO_PORT:-18080}:8080"
|
||||
networks:
|
||||
- stellaops
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
labels: *cryptopro-labels
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Override services to use CryptoPro
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
# Authority - Use CryptoPro for GOST signatures
|
||||
authority:
|
||||
environment:
|
||||
<<: *cryptopro-env
|
||||
depends_on:
|
||||
- cryptopro-csp
|
||||
labels:
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
|
||||
# Signer - Use CryptoPro for GOST signatures
|
||||
signer:
|
||||
environment:
|
||||
<<: *cryptopro-env
|
||||
depends_on:
|
||||
- cryptopro-csp
|
||||
labels:
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
|
||||
# Attestor - Use CryptoPro for GOST signatures
|
||||
attestor:
|
||||
environment:
|
||||
<<: *cryptopro-env
|
||||
depends_on:
|
||||
- cryptopro-csp
|
||||
labels:
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
|
||||
# Scanner Web - Use CryptoPro for verification
|
||||
scanner-web:
|
||||
environment:
|
||||
<<: *cryptopro-env
|
||||
depends_on:
|
||||
- cryptopro-csp
|
||||
labels:
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
|
||||
# Scanner Worker - Use CryptoPro for verification
|
||||
scanner-worker:
|
||||
environment:
|
||||
<<: *cryptopro-env
|
||||
depends_on:
|
||||
- cryptopro-csp
|
||||
labels:
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
|
||||
# Excititor - Use CryptoPro for VEX signing
|
||||
excititor:
|
||||
environment:
|
||||
<<: *cryptopro-env
|
||||
depends_on:
|
||||
- cryptopro-csp
|
||||
labels:
|
||||
com.stellaops.crypto.provider: "cryptopro"
|
||||
|
||||
volumes:
|
||||
cryptopro-keys:
|
||||
name: stellaops-cryptopro-keys
|
||||
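Review bot: Every overridden service in this file uses the short form `depends_on: - cryptopro-csp`, which only orders container start and does not wait for the `cryptopro-csp` healthcheck (`start_period: 30s`), so `authority`, `signer` and the others can come up before the CSP answers on `http://cryptopro-csp:8080`. When this content moves to `docker-compose.crypto-provider.cryptopro.yml` (not shown on this page), consider the long form with `condition: service_healthy`. The same file publishes the signing service as `"${CRYPTOPRO_PORT:-18080}:8080"` without a host address; binding it to loopback or dropping the host port would keep the GOST signing endpoint off external interfaces.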
@@ -433,7 +433,8 @@ services:
|
||||
STELLAOPS_POLICY_ENGINE_URL: "http://policy-engine.stella-ops.local"
|
||||
# STELLAOPS_POLICY_GATEWAY_URL removed: gateway merged into policy-engine
|
||||
STELLAOPS_RISKENGINE_URL: "http://riskengine.stella-ops.local"
|
||||
STELLAOPS_JOBENGINE_URL: "http://jobengine.stella-ops.local"
|
||||
# STELLAOPS_JOBENGINE_URL removed: WebService retired; audit/first-signal now served by release-orchestrator
|
||||
STELLAOPS_RELEASE_ORCHESTRATOR_URL: "http://release-orchestrator.stella-ops.local"
|
||||
STELLAOPS_TASKRUNNER_URL: "http://taskrunner.stella-ops.local"
|
||||
STELLAOPS_SCHEDULER_URL: "http://scheduler.stella-ops.local"
|
||||
STELLAOPS_GRAPH_URL: "http://graph.stella-ops.local"
|
||||
@@ -1414,57 +1415,26 @@ services:
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
|
||||
# --- Slot 23: Timeline Indexer ---------------------------------------------
|
||||
timeline-indexer-web:
|
||||
<<: *resources-light
|
||||
image: stellaops/timeline-indexer-web:dev
|
||||
container_name: stellaops-timeline-indexer-web
|
||||
restart: unless-stopped
|
||||
depends_on: *depends-infra
|
||||
environment:
|
||||
ASPNETCORE_URLS: "http://+:8080"
|
||||
<<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
|
||||
ConnectionStrings__Default: *postgres-connection
|
||||
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
TIMELINE_Postgres__Timeline__ConnectionString: *postgres-connection
|
||||
Router__Enabled: "${TIMELINE_ROUTER_ENABLED:-true}"
|
||||
Router__Messaging__ConsumerGroup: "timelineindexer"
|
||||
volumes:
|
||||
- *cert-volume
|
||||
ports:
|
||||
- "127.1.0.23:80:80"
|
||||
networks:
|
||||
stellaops:
|
||||
aliases:
|
||||
- timelineindexer.stella-ops.local
|
||||
frontdoor: {}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
# --- Slot 23: Timeline Indexer (MERGED into timeline-web in Slot 24) --------
|
||||
# timeline-indexer-web and timeline-indexer-worker have been merged into
|
||||
# timeline-web. The indexer endpoints, DI services, and background ingestion
|
||||
# worker now run inside the unified timeline-web container.
|
||||
# Network alias timelineindexer.stella-ops.local is preserved on timeline-web
|
||||
# for backwards compatibility.
|
||||
|
||||
timeline-indexer-worker:
|
||||
<<: *resources-light
|
||||
image: stellaops/timeline-indexer-worker:dev
|
||||
container_name: stellaops-timeline-indexer-worker
|
||||
restart: unless-stopped
|
||||
depends_on: *depends-infra
|
||||
environment:
|
||||
<<: [*kestrel-cert, *gc-light]
|
||||
ConnectionStrings__Default: *postgres-connection
|
||||
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
TIMELINE_Postgres__Timeline__ConnectionString: *postgres-connection
|
||||
volumes:
|
||||
- *cert-volume
|
||||
healthcheck:
|
||||
<<: *healthcheck-worker
|
||||
networks:
|
||||
stellaops:
|
||||
aliases:
|
||||
- timeline-indexer-worker.stella-ops.local
|
||||
labels: *release-labels
|
||||
# timeline-indexer-web:
|
||||
# <<: *resources-light
|
||||
# image: stellaops/timeline-indexer-web:dev
|
||||
# container_name: stellaops-timeline-indexer-web
|
||||
# ...
|
||||
|
||||
# --- Slot 24: Timeline ----------------------------------------------------
|
||||
# timeline-indexer-worker:
|
||||
# <<: *resources-light
|
||||
# image: stellaops/timeline-indexer-worker:dev
|
||||
# container_name: stellaops-timeline-indexer-worker
|
||||
# ...
|
||||
|
||||
# --- Slot 24: Timeline (unified: includes merged timeline-indexer) ----------
|
||||
timeline-web:
|
||||
<<: *resources-light
|
||||
image: stellaops/timeline-web:dev
|
||||
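Review bot: The new comment says the `timelineindexer.stella-ops.local` alias is preserved for backwards compatibility, but the removed `timeline-indexer-web` definition also published `"127.1.0.23:80:80"`, and nothing in this hunk moves that binding to `timeline-web`. If host-side clients or a hosts file resolve the indexer name to `127.1.0.23`, they will stop working; either document that the Slot 23 address is retired or publish it on `timeline-web` as well. The `timeline-indexer-worker.stella-ops.local` alias is dropped without mention too.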
@@ -1481,6 +1451,7 @@ services:
|
||||
Authority__ResourceServer__Audiences__0: ""
|
||||
Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"
|
||||
Authority__ResourceServer__BypassNetworks__1: "172.20.0.0/16"
|
||||
TIMELINE_Postgres__Timeline__ConnectionString: *postgres-connection
|
||||
Router__Enabled: "${TIMELINE_SERVICE_ROUTER_ENABLED:-true}"
|
||||
Router__Messaging__ConsumerGroup: "timeline"
|
||||
volumes:
|
||||
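Review bot: `timeline-web` is configured with `Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"`, `Authority__ResourceServer__BypassNetworks__1: "172.20.0.0/16"` and an empty `Authority__ResourceServer__Audiences__0`, while the removed `timeline-indexer-web` block set no such keys explicitly, so the indexer endpoints merged into this container are now served under these bypass ranges. Please confirm that is intended for the indexer and audit routes, or narrow the bypass, before the merge lands. The router consumer group also stays `"timeline"` where the indexer used `"timelineindexer"`; the merge comment should say whether the old group is retired.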
@@ -1491,6 +1462,7 @@ services:
|
||||
stellaops:
|
||||
aliases:
|
||||
- timeline.stella-ops.local
|
||||
- timelineindexer.stella-ops.local
|
||||
frontdoor: {}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
|
||||
@@ -263,11 +263,12 @@ services:
|
||||
STELLAOPS_EXCITITOR_URL: "http://excititor.stella-ops.local"
|
||||
STELLAOPS_VEXHUB_URL: "http://vexhub.stella-ops.local"
|
||||
STELLAOPS_VEXLENS_URL: "http://vexlens.stella-ops.local"
|
||||
STELLAOPS_VULNEXPLORER_URL: "http://vulnexplorer.stella-ops.local"
|
||||
STELLAOPS_VULNEXPLORER_URL: "http://findings.stella-ops.local"
|
||||
STELLAOPS_POLICY_ENGINE_URL: "http://policy-engine.stella-ops.local"
|
||||
# STELLAOPS_POLICY_GATEWAY_URL removed: gateway merged into policy-engine
|
||||
STELLAOPS_RISKENGINE_URL: "http://riskengine.stella-ops.local"
|
||||
STELLAOPS_JOBENGINE_URL: "http://jobengine.stella-ops.local"
|
||||
# STELLAOPS_JOBENGINE_URL removed: WebService retired; audit/first-signal now served by release-orchestrator
|
||||
STELLAOPS_RELEASE_ORCHESTRATOR_URL: "http://release-orchestrator.stella-ops.local"
|
||||
STELLAOPS_TASKRUNNER_URL: "http://taskrunner.stella-ops.local"
|
||||
STELLAOPS_SCHEDULER_URL: "http://scheduler.stella-ops.local"
|
||||
STELLAOPS_GRAPH_URL: "http://graph.stella-ops.local"
|
||||
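Review bot: `STELLAOPS_VULNEXPLORER_URL` keeps its name but now points at `http://findings.stella-ops.local`, while the JobEngine variable a few lines below is removed and replaced by the renamed `STELLAOPS_RELEASE_ORCHESTRATOR_URL`. Handle the two retirements the same way, or add a comment on the VulnExplorer line like the one added for JobEngine so readers know the old name is kept on purpose.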
@@ -807,32 +808,33 @@ services:
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
|
||||
# --- Slot 13: VulnExplorer (api) [src/Findings/StellaOps.VulnExplorer.Api] ---
|
||||
api:
|
||||
<<: *resources-light
|
||||
image: stellaops/api:dev
|
||||
container_name: stellaops-api
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
ASPNETCORE_URLS: "http://+:8080"
|
||||
<<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
|
||||
ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
Router__Enabled: "${VULNEXPLORER_ROUTER_ENABLED:-true}"
|
||||
Router__Messaging__ConsumerGroup: "vulnexplorer"
|
||||
volumes:
|
||||
- ${STELLAOPS_CERT_VOLUME}
|
||||
ports:
|
||||
- "127.1.0.13:80:80"
|
||||
networks:
|
||||
stellaops:
|
||||
aliases:
|
||||
- vulnexplorer.stella-ops.local
|
||||
frontdoor: {}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
# --- Slot 13: VulnExplorer (api) - MERGED into findings-ledger-web (SPRINT_20260408_002) ---
|
||||
# VulnExplorer endpoints are now served by the Findings Ledger WebService.
|
||||
# api:
|
||||
# <<: *resources-light
|
||||
# image: stellaops/api:dev
|
||||
# container_name: stellaops-api
|
||||
# restart: unless-stopped
|
||||
# environment:
|
||||
# ASPNETCORE_URLS: "http://+:8080"
|
||||
# <<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
|
||||
# ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
# ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
# Router__Enabled: "${VULNEXPLORER_ROUTER_ENABLED:-true}"
|
||||
# Router__Messaging__ConsumerGroup: "vulnexplorer"
|
||||
# volumes:
|
||||
# - ${STELLAOPS_CERT_VOLUME}
|
||||
# ports:
|
||||
# - "127.1.0.13:80:80"
|
||||
# networks:
|
||||
# stellaops:
|
||||
# aliases:
|
||||
# - vulnexplorer.stella-ops.local
|
||||
# frontdoor: {}
|
||||
# healthcheck:
|
||||
# test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
# <<: *healthcheck-tcp
|
||||
# labels: *release-labels
|
||||
|
||||
# --- Slot 14: Policy Engine ------------------------------------------------
|
||||
policy-engine:
|
||||
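Review bot: Commenting out the `api` service drops the `vulnexplorer.stella-ops.local` network alias and the `"127.1.0.13:80:80"` binding, and unlike the timeline merge in this same commit, nothing visible here re-homes the alias on `findings-ledger-web`. Either add the alias to the Findings Ledger service for compatibility or state in the comment that the hostname is retired. The full commented-out service block is also better deleted than kept, since git history already preserves the old definition.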
@@ -1198,55 +1200,26 @@ services:
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
|
||||
# --- Slot 23: Timeline Indexer ---------------------------------------------
|
||||
timeline-indexer-web:
|
||||
<<: *resources-light
|
||||
image: stellaops/timeline-indexer-web:dev
|
||||
container_name: stellaops-timeline-indexer-web
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
ASPNETCORE_URLS: "http://+:8080"
|
||||
<<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
|
||||
ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
TIMELINE_Postgres__Timeline__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
Router__Enabled: "${TIMELINE_ROUTER_ENABLED:-true}"
|
||||
Router__Messaging__ConsumerGroup: "timelineindexer"
|
||||
volumes:
|
||||
- ${STELLAOPS_CERT_VOLUME}
|
||||
ports:
|
||||
- "127.1.0.23:80:80"
|
||||
networks:
|
||||
stellaops:
|
||||
aliases:
|
||||
- timelineindexer.stella-ops.local
|
||||
frontdoor: {}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
# --- Slot 23: Timeline Indexer (MERGED into timeline-web in Slot 24) --------
|
||||
# timeline-indexer-web and timeline-indexer-worker have been merged into
|
||||
# timeline-web. The indexer endpoints, DI services, and background ingestion
|
||||
# worker now run inside the unified timeline-web container.
|
||||
# Network alias timelineindexer.stella-ops.local is preserved on timeline-web
|
||||
# for backwards compatibility.
|
||||
|
||||
timeline-indexer-worker:
|
||||
<<: *resources-light
|
||||
image: stellaops/timeline-indexer-worker:dev
|
||||
container_name: stellaops-timeline-indexer-worker
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
<<: [*kestrel-cert, *gc-light]
|
||||
ConnectionStrings__Default: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
TIMELINE_Postgres__Timeline__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
volumes:
|
||||
- ${STELLAOPS_CERT_VOLUME}
|
||||
healthcheck:
|
||||
<<: *healthcheck-worker
|
||||
networks:
|
||||
stellaops:
|
||||
aliases:
|
||||
- timeline-indexer-worker.stella-ops.local
|
||||
labels: *release-labels
|
||||
# timeline-indexer-web:
|
||||
# <<: *resources-light
|
||||
# image: stellaops/timeline-indexer-web:dev
|
||||
# container_name: stellaops-timeline-indexer-web
|
||||
# ...
|
||||
|
||||
# --- Slot 24: Timeline ----------------------------------------------------
|
||||
# timeline-indexer-worker:
|
||||
# <<: *resources-light
|
||||
# image: stellaops/timeline-indexer-worker:dev
|
||||
# container_name: stellaops-timeline-indexer-worker
|
||||
# ...
|
||||
|
||||
# --- Slot 24: Timeline (unified: includes merged timeline-indexer) ----------
|
||||
timeline-web:
|
||||
<<: *resources-light
|
||||
image: stellaops/timeline-web:dev
|
||||
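Review bot: The placeholder stubs left for `timeline-indexer-web` and `timeline-indexer-worker` end in `# ...`, so they are not definitions anyone could uncomment and they will drift from whatever the services last looked like. Drop both stubs and keep only the explanatory comment about the merge; the previous definitions remain available in git history.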
@@ -1262,6 +1235,7 @@ services:
|
||||
Authority__ResourceServer__Audiences__0: ""
|
||||
Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"
|
||||
Authority__ResourceServer__BypassNetworks__1: "172.20.0.0/16"
|
||||
TIMELINE_Postgres__Timeline__ConnectionString: "${STELLAOPS_POSTGRES_CONNECTION}"
|
||||
Router__Enabled: "${TIMELINE_SERVICE_ROUTER_ENABLED:-true}"
|
||||
Router__Messaging__ConsumerGroup: "timeline"
|
||||
volumes:
|
||||
@@ -1272,6 +1246,7 @@ services:
|
||||
stellaops:
|
||||
aliases:
|
||||
- timeline.stella-ops.local
|
||||
- timelineindexer.stella-ops.local
|
||||
frontdoor: {}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
|
||||
@@ -7,12 +7,12 @@
|
||||
# cp env/compliance-china.env.example .env
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-china.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
# -f docker-compose.crypto-provider.crypto-sim.yml up -d
|
||||
#
|
||||
# Usage with SM Remote (production):
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-china.yml \
|
||||
# -f docker-compose.sm-remote.yml up -d
|
||||
# -f docker-compose.crypto-provider.smremote.yml up -d
|
||||
#
|
||||
# =============================================================================
|
||||
|
||||
|
||||
2
devops/compose/env/compliance-eu.env.example
vendored
@@ -7,7 +7,7 @@
|
||||
# cp env/compliance-eu.env.example .env
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-eu.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
# -f docker-compose.crypto-provider.crypto-sim.yml up -d
|
||||
#
|
||||
# Usage for production:
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
|
||||
@@ -7,12 +7,12 @@
|
||||
# cp env/compliance-russia.env.example .env
|
||||
# docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-russia.yml \
|
||||
# -f docker-compose.crypto-sim.yml up -d
|
||||
# -f docker-compose.crypto-provider.crypto-sim.yml up -d
|
||||
#
|
||||
# Usage with CryptoPro CSP (production):
|
||||
# CRYPTOPRO_ACCEPT_EULA=1 docker compose -f docker-compose.stella-ops.yml \
|
||||
# -f docker-compose.compliance-russia.yml \
|
||||
# -f docker-compose.cryptopro.yml up -d
|
||||
# -f docker-compose.crypto-provider.cryptopro.yml up -d
|
||||
#
|
||||
# =============================================================================
|
||||
|
||||
|
||||
@@ -16,8 +16,8 @@
|
||||
"Microservice","^/api/v1/lineage(.*)","http://sbomservice.stella-ops.local/api/v1/lineage$1",,
|
||||
"Microservice","^/api/v1/resolve(.*)","http://binaryindex.stella-ops.local/api/v1/resolve$1",,
|
||||
"Microservice","^/api/v1/ops/binaryindex(.*)","http://binaryindex.stella-ops.local/api/v1/ops/binaryindex$1",,
|
||||
"Microservice","^/api/v1/policy(.*)","http://policy-gateway.stella-ops.local/api/v1/policy$1",,
|
||||
"Microservice","^/api/v1/governance(.*)","http://policy-gateway.stella-ops.local/api/v1/governance$1",,
|
||||
"Microservice","^/api/v1/policy(.*)","http://policy-engine.stella-ops.local/api/v1/policy$1",,
|
||||
"Microservice","^/api/v1/governance(.*)","http://policy-engine.stella-ops.local/api/v1/governance$1",,
|
||||
"Microservice","^/api/v1/determinization(.*)","http://policy-engine.stella-ops.local/api/v1/determinization$1",,
|
||||
"Microservice","^/api/v1/workflows(.*)","http://orchestrator.stella-ops.local/api/v1/workflows$1",,
|
||||
"Microservice","^/api/v1/authority/quotas(.*)","http://platform.stella-ops.local/api/v1/authority/quotas$1",,
|
||||
@@ -28,7 +28,7 @@
|
||||
"Microservice","^/api/v1/audit(.*)","http://timeline.stella-ops.local/api/v1/audit$1",,
|
||||
"Microservice","^/api/v1/export(.*)","https://exportcenter.stella-ops.local/api/v1/export$1",,
|
||||
"Microservice","^/api/v1/advisory-sources(.*)","http://concelier.stella-ops.local/api/v1/advisory-sources$1",,
|
||||
"Microservice","^/api/v1/notifier/delivery(.*)","http://notifier.stella-ops.local/api/v2/notify/deliveries$1",,
|
||||
"Microservice","^/api/v1/notifier/delivery(.*)","http://notify.stella-ops.local/api/v2/notify/deliveries$1",,
|
||||
"Microservice","^/api/v1/search(.*)","http://advisoryai.stella-ops.local/v1/search$1",,
|
||||
"Microservice","^/api/v1/advisory-ai(.*)","http://advisoryai.stella-ops.local/v1/advisory-ai$1",,
|
||||
"Microservice","^/api/v1/advisory(.*)","http://advisoryai.stella-ops.local/api/v1/advisory$1",,
|
||||
@@ -41,7 +41,7 @@
|
||||
"Microservice","^/api/v2/integrations(.*)","http://platform.stella-ops.local/api/v2/integrations$1",,
|
||||
"Microservice","^/api/v1/([^/]+)(.*)","http://$1.stella-ops.local/api/v1/$1$2",,
|
||||
"Microservice","^/api/v2/([^/]+)(.*)","http://$1.stella-ops.local/api/v2/$1$2",,
|
||||
"Microservice","^/api/(cvss|gate|exceptions|policy)(.*)","http://policy-gateway.stella-ops.local/api/$1$2",,
|
||||
"Microservice","^/api/(cvss|gate|exceptions|policy)(.*)","http://policy-engine.stella-ops.local/api/$1$2",,
|
||||
"Microservice","^/api/(risk|risk-budget)(.*)","http://policy-engine.stella-ops.local/api/$1$2",,
|
||||
"Microservice","^/api/(release-orchestrator|releases|approvals)(.*)","http://jobengine.stella-ops.local/api/$1$2",,
|
||||
"Microservice","^/api/(compare|change-traces|sbomservice)(.*)","http://sbomservice.stella-ops.local/api/$1$2",,
|
||||
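Review bot: The context line `"^/api/(release-orchestrator|releases|approvals)(.*)","http://jobengine.stella-ops.local/api/$1$2"` still routes to the JobEngine host, which this commit retires in favour of `release-orchestrator.stella-ops.local`. Update that upstream in the same change; unless the `jobengine.stella-ops.local` alias is kept on another container, release and approval calls will have no upstream to reach.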
@@ -56,7 +56,7 @@
|
||||
"Microservice","^/api/jobengine(.*)","http://orchestrator.stella-ops.local/api/jobengine$1",,
|
||||
"Microservice","^/api/scheduler(.*)","http://scheduler.stella-ops.local/api/scheduler$1",,
|
||||
"Microservice","^/api/doctor(.*)","http://doctor.stella-ops.local/api/doctor$1",,
|
||||
"Microservice","^/policy(.*)","http://policy-gateway.stella-ops.local/policy$1",,
|
||||
"Microservice","^/policy(.*)","http://policy-engine.stella-ops.local/policy$1",,
|
||||
"Microservice","^/v1/evidence-packs(.*)","http://advisoryai.stella-ops.local/v1/evidence-packs$1",,
|
||||
"Microservice","^/v1/runs(.*)","http://orchestrator.stella-ops.local/v1/runs$1",,
|
||||
"Microservice","^/v1/advisory-ai(.*)","http://advisoryai.stella-ops.local/v1/advisory-ai$1",,
|
||||
|
||||
|
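Review bot: `^/policy(.*)` on the changed line has no segment boundary, so it also matches `/policyEngine...`, `/policyGateway...` and any other path that merely begins with `/policy`, and after this change forwards all of them to policy-engine under a `/policy` prefix. If route ordering does not already guarantee that more specific entries win, tighten the pattern to `^/policy(/.*)?$` while this line is being edited anyway. The nginx blocks later in this commit already restrict `/policy/` to specific sub-paths to avoid colliding with the Angular SPA routes.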
@@ -3,13 +3,13 @@
|
||||
"Microservice","/api/v1/vex","https://vexhub.stella-ops.local/api/v1/vex","/api/v1/vex/index","200"
|
||||
"Microservice","/api/v1/vexlens","http://vexlens.stella-ops.local/api/v1/vexlens","/api/v1/vexlens/stats","200"
|
||||
"Microservice","/api/v1/notify","http://notify.stella-ops.local/api/v1/notify","/api/v1/notify/audit","400"
|
||||
"Microservice","/api/v1/notifier","http://notifier.stella-ops.local/api/v1/notifier",,
|
||||
"Microservice","/api/v1/notifier","http://notify.stella-ops.local/api/v1/notifier",,
|
||||
"Microservice","/api/v1/concelier","http://concelier.stella-ops.local/api/v1/concelier","/api/v1/concelier/bundles","200"
|
||||
"Microservice","/api/v1/platform","http://platform.stella-ops.local/api/v1/platform","/api/v1/platform/search","400"
|
||||
"Microservice","/api/v1/scanner","http://scanner.stella-ops.local/api/v1/scanner",,
|
||||
"Microservice","/api/v1/findings","http://findings.stella-ops.local/api/v1/findings","/api/v1/findings/summaries","200"
|
||||
"Microservice","/api/v1/integrations","http://integrations.stella-ops.local/api/v1/integrations","/api/v1/integrations","401"
|
||||
"Microservice","/api/v1/policy","http://policy-gateway.stella-ops.local/api/v1/policy","/api/v1/policy/gate/health","200"
|
||||
"Microservice","/api/v1/policy","http://policy-engine.stella-ops.local/api/v1/policy","/api/v1/policy/gate/health","200"
|
||||
"Microservice","/api/v1/reachability","http://reachgraph.stella-ops.local/api/v1/reachability",,
|
||||
"Microservice","/api/v1/attestor","http://attestor.stella-ops.local/api/v1/attestor","/api/v1/attestor/predicates","200"
|
||||
"Microservice","/api/v1/attestations","http://attestor.stella-ops.local/api/v1/attestations","/api/v1/attestations","200"
|
||||
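Review bot: the retargeted `/api/v1/notifier` row leaves its last two fields empty, where neighbouring rows carry a probe path and an expected status, so nothing in this table exercises the move from `notifier.stella-ops.local` to `notify.stella-ops.local`. Give the row a probe path and expected status, as the `/api/v1/notify` row above it has, so a typo in the new upstream shows up in the route check instead of at runtime.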
@@ -33,7 +33,7 @@
|
||||
"Microservice","/api/v1/lineage","http://sbomservice.stella-ops.local/api/v1/lineage","/api/v1/lineage/diff","400"
|
||||
"Microservice","/api/v1/export","https://exportcenter.stella-ops.local/api/v1/export",,
|
||||
"Microservice","/api/v1/triage","http://scanner.stella-ops.local/api/v1/triage","/api/v1/triage/inbox","401"
|
||||
"Microservice","/api/v1/governance","http://policy-gateway.stella-ops.local/api/v1/governance","/api/v1/governance/audit/events","400"
|
||||
"Microservice","/api/v1/governance","http://policy-engine.stella-ops.local/api/v1/governance","/api/v1/governance/audit/events","400"
|
||||
"Microservice","/api/v1/determinization","http://policy-engine.stella-ops.local/api/v1/determinization",,
|
||||
"Microservice","/api/v1/opsmemory","http://opsmemory.stella-ops.local/api/v1/opsmemory","/api/v1/opsmemory/stats","400"
|
||||
"Microservice","/api/v1/secrets","http://scanner.stella-ops.local/api/v1/secrets","/api/v1/secrets/config/rules/categories","401"
|
||||
@@ -45,20 +45,20 @@
|
||||
"Microservice","/v1/advisory-ai/adapters","http://advisoryai.stella-ops.local/v1/advisory-ai/adapters","/","200"
|
||||
"Microservice","/v1/advisory-ai","http://advisoryai.stella-ops.local/v1/advisory-ai","/v1/advisory-ai/consent","200"
|
||||
"Microservice","/v1/audit-bundles","https://exportcenter.stella-ops.local/v1/audit-bundles","/v1/audit-bundles","200"
|
||||
"Microservice","/policy","http://policy-gateway.stella-ops.local","/policyEngine","302"
|
||||
"Microservice","/api/cvss","http://policy-gateway.stella-ops.local/api/cvss","/api/cvss/policies","401"
|
||||
"Microservice","/api/policy","http://policy-gateway.stella-ops.local/api/policy","/api/policy/packs","401"
|
||||
"Microservice","/policy","http://policy-engine.stella-ops.local","/policyEngine","302"
|
||||
"Microservice","/api/cvss","http://policy-engine.stella-ops.local/api/cvss","/api/cvss/policies","401"
|
||||
"Microservice","/api/policy","http://policy-engine.stella-ops.local/api/policy","/api/policy/packs","401"
|
||||
"Microservice","/api/risk","http://policy-engine.stella-ops.local/api/risk","/api/risk/events","400"
|
||||
"Microservice","/api/analytics","http://platform.stella-ops.local/api/analytics","/api/analytics/backlog","400"
|
||||
"Microservice","/api/release-orchestrator","http://orchestrator.stella-ops.local/api/release-orchestrator","/api/release-orchestrator/releases","200"
|
||||
"Microservice","/api/releases","http://orchestrator.stella-ops.local/api/releases",,
|
||||
"Microservice","/api/approvals","http://orchestrator.stella-ops.local/api/approvals",,
|
||||
"Microservice","/api/gate","http://policy-gateway.stella-ops.local/api/gate",,
|
||||
"Microservice","/api/gate","http://policy-engine.stella-ops.local/api/gate",,
|
||||
"Microservice","/api/risk-budget","http://policy-engine.stella-ops.local/api/risk-budget",,
|
||||
"Microservice","/api/fix-verification","http://scanner.stella-ops.local/api/fix-verification",,
|
||||
"Microservice","/api/compare","http://sbomservice.stella-ops.local/api/compare",,
|
||||
"Microservice","/api/change-traces","http://sbomservice.stella-ops.local/api/change-traces",,
|
||||
"Microservice","/api/exceptions","http://policy-gateway.stella-ops.local/api/exceptions",,
|
||||
"Microservice","/api/exceptions","http://policy-engine.stella-ops.local/api/exceptions",,
|
||||
"Microservice","/api/verdicts","https://evidencelocker.stella-ops.local/api/verdicts",,
|
||||
"Microservice","/api/orchestrator","http://orchestrator.stella-ops.local/api/orchestrator",,
|
||||
"Microservice","/api/v1/gateway/rate-limits","http://platform.stella-ops.local/api/v1/gateway/rate-limits","/api/v1/gateway/rate-limits","400"
|
||||
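Review bot: `/api/gate` and `/api/exceptions` are moved to policy-engine with no probe path or expected status, while the `/api/cvss` and `/api/policy` rows in the same hunk assert 401 for an unauthenticated request. Gate decisions and policy exceptions are the routes where a backend that answers without authentication would matter most, so add unauthenticated probes for both and pin the status you expect from policy-engine. As written, the table cannot show whether the new upstream enforces the same access control as the old one.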
@@ -76,12 +76,12 @@
|
||||
"Microservice","/authority","https://authority.stella-ops.local/authority","/authority/audit/airgap","401"
|
||||
"Microservice","/console","https://authority.stella-ops.local/console","/console/filters","401"
|
||||
"Microservice","/scanner","http://scanner.stella-ops.local","/scanner/api/v1/agents","401"
|
||||
"Microservice","/policyGateway","http://policy-gateway.stella-ops.local","/policyGateway","302"
|
||||
"Microservice","/policyGateway","http://policy-engine.stella-ops.local","/policyGateway","302"
|
||||
"Microservice","/policyEngine","http://policy-engine.stella-ops.local","/policyEngine","302"
|
||||
"Microservice","/concelier","http://concelier.stella-ops.local","/concelier/jobs","200"
|
||||
"Microservice","/attestor","http://attestor.stella-ops.local","/attestor/api/v1/bundles","400"
|
||||
"Microservice","/notify","http://notify.stella-ops.local","/notify/api/v1/notify/audit","400"
|
||||
"Microservice","/notifier","http://notifier.stella-ops.local","/notifier/api/v2/ack","400"
|
||||
"Microservice","/notifier","http://notify.stella-ops.local","/notifier/api/v2/ack","400"
|
||||
"Microservice","/scheduler","http://scheduler.stella-ops.local","/scheduler/graphs/jobs","401"
|
||||
"Microservice","/signals","http://signals.stella-ops.local","/signals/signals/ping","403"
|
||||
"Microservice","/excititor","http://excititor.stella-ops.local","/excititor/vex/raw","400"
|
||||
|
||||
|
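Review bot: after this change the `/policyGateway` and `/policyEngine` rows resolve to the same upstream and expect the same 302, so `/policyGateway` is now only a legacy alias for a service that no longer exists under that name. Either drop the row or record which callers still use the prefix, so it is not mistaken for a separately deployed service. The same applies to `/notifier` now sharing `notify.stella-ops.local` with `/notify`.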
@@ -3,13 +3,13 @@
|
||||
"ReverseProxy","/api/v1/vex","https://vexhub.stella-ops.local/api/v1/vex","/api/v1/vex/index","200"
|
||||
"ReverseProxy","/api/v1/vexlens","http://vexlens.stella-ops.local/api/v1/vexlens","/api/v1/vexlens/stats","200"
|
||||
"ReverseProxy","/api/v1/notify","http://notify.stella-ops.local/api/v1/notify","/api/v1/notify/audit","400"
|
||||
"ReverseProxy","/api/v1/notifier","http://notifier.stella-ops.local/api/v1/notifier",,
|
||||
"ReverseProxy","/api/v1/notifier","http://notify.stella-ops.local/api/v1/notifier",,
|
||||
"ReverseProxy","/api/v1/concelier","http://concelier.stella-ops.local/api/v1/concelier","/api/v1/concelier/bundles","200"
|
||||
"ReverseProxy","/api/v1/platform","http://platform.stella-ops.local/api/v1/platform","/api/v1/platform/search","401"
|
||||
"ReverseProxy","/api/v1/scanner","http://scanner.stella-ops.local/api/v1/scanner",,
|
||||
"ReverseProxy","/api/v1/findings","http://findings.stella-ops.local/api/v1/findings","/api/v1/findings/summaries","401"
|
||||
"ReverseProxy","/api/v1/integrations","http://integrations.stella-ops.local/api/v1/integrations","/api/v1/integrations","200"
|
||||
"ReverseProxy","/api/v1/policy","http://policy-gateway.stella-ops.local/api/v1/policy","/api/v1/policy/schema","404"
|
||||
"ReverseProxy","/api/v1/policy","http://policy-engine.stella-ops.local/api/v1/policy","/api/v1/policy/schema","404"
|
||||
"ReverseProxy","/api/v1/reachability","http://reachgraph.stella-ops.local/api/v1/reachability",,
|
||||
"ReverseProxy","/api/v1/attestor","http://attestor.stella-ops.local/api/v1/attestor","/api/v1/attestor/policies","404"
|
||||
"ReverseProxy","/api/v1/attestations","http://attestor.stella-ops.local/api/v1/attestations","/api/v1/attestations","401"
|
||||
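Review bot: the new `/api/v1/policy` row keeps the probe `/api/v1/policy/schema` with expected status 404. A 404 does not distinguish a policy-engine that lacks this endpoint from a request that never reached policy-engine at all, so the probe cannot confirm the host change worked. The Microservice table in this commit probes `/api/v1/policy/gate/health` for 200; using a path with a positive or auth-denied response here would make the check meaningful.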
@@ -33,7 +33,7 @@
|
||||
"ReverseProxy","/api/v1/lineage","http://sbomservice.stella-ops.local/api/v1/lineage","/api/v1/lineage/diff","400"
|
||||
"ReverseProxy","/api/v1/export","https://exportcenter.stella-ops.local/api/v1/export","/api/v1/export/jobs","401"
|
||||
"ReverseProxy","/api/v1/triage","http://scanner.stella-ops.local/api/v1/triage","/api/v1/triage/inbox","400"
|
||||
"ReverseProxy","/api/v1/governance","http://policy-gateway.stella-ops.local/api/v1/governance","/api/v1/governance/audit/events","400"
|
||||
"ReverseProxy","/api/v1/governance","http://policy-engine.stella-ops.local/api/v1/governance","/api/v1/governance/audit/events","400"
|
||||
"ReverseProxy","/api/v1/determinization","http://policy-engine.stella-ops.local/api/v1/determinization",,
|
||||
"ReverseProxy","/api/v1/opsmemory","http://opsmemory.stella-ops.local/api/v1/opsmemory","/api/v1/opsmemory/stats","400"
|
||||
"ReverseProxy","/api/v1/secrets","http://scanner.stella-ops.local/api/v1/secrets","/api/v1/secrets/config/rules/categories","200"
|
||||
@@ -45,20 +45,20 @@
|
||||
"ReverseProxy","/v1/advisory-ai/adapters","http://advisoryai.stella-ops.local/v1/advisory-ai/adapters","/","200"
|
||||
"ReverseProxy","/v1/advisory-ai","http://advisoryai.stella-ops.local/v1/advisory-ai","/v1/advisory-ai/consent","200"
|
||||
"ReverseProxy","/v1/audit-bundles","https://exportcenter.stella-ops.local/v1/audit-bundles","/v1/audit-bundles","200"
|
||||
"ReverseProxy","/policy","http://policy-gateway.stella-ops.local","/policy/snapshots","404"
|
||||
"ReverseProxy","/api/cvss","http://policy-gateway.stella-ops.local/api/cvss","/api/cvss/policies","401"
|
||||
"ReverseProxy","/api/policy","http://policy-gateway.stella-ops.local/api/policy","/api/policy/packs","401"
|
||||
"ReverseProxy","/policy","http://policy-engine.stella-ops.local","/policy/snapshots","404"
|
||||
"ReverseProxy","/api/cvss","http://policy-engine.stella-ops.local/api/cvss","/api/cvss/policies","401"
|
||||
"ReverseProxy","/api/policy","http://policy-engine.stella-ops.local/api/policy","/api/policy/packs","401"
|
||||
"ReverseProxy","/api/risk","http://policy-engine.stella-ops.local/api/risk","/api/risk/events","401"
|
||||
"ReverseProxy","/api/analytics","http://platform.stella-ops.local/api/analytics","/api/analytics/backlog","401"
|
||||
"ReverseProxy","/api/release-orchestrator","http://orchestrator.stella-ops.local/api/release-orchestrator","/api/release-orchestrator/releases","200"
|
||||
"ReverseProxy","/api/releases","http://orchestrator.stella-ops.local/api/releases",,
|
||||
"ReverseProxy","/api/approvals","http://orchestrator.stella-ops.local/api/approvals",,
|
||||
"ReverseProxy","/api/gate","http://policy-gateway.stella-ops.local/api/gate",,
|
||||
"ReverseProxy","/api/gate","http://policy-engine.stella-ops.local/api/gate",,
|
||||
"ReverseProxy","/api/risk-budget","http://policy-engine.stella-ops.local/api/risk-budget",,
|
||||
"ReverseProxy","/api/fix-verification","http://scanner.stella-ops.local/api/fix-verification",,
|
||||
"ReverseProxy","/api/compare","http://sbomservice.stella-ops.local/api/compare",,
|
||||
"ReverseProxy","/api/change-traces","http://sbomservice.stella-ops.local/api/change-traces",,
|
||||
"ReverseProxy","/api/exceptions","http://policy-gateway.stella-ops.local/api/exceptions",,
|
||||
"ReverseProxy","/api/exceptions","http://policy-engine.stella-ops.local/api/exceptions",,
|
||||
"ReverseProxy","/api/verdicts","https://evidencelocker.stella-ops.local/api/verdicts",,
|
||||
"ReverseProxy","/api/orchestrator","http://orchestrator.stella-ops.local/api/orchestrator",,
|
||||
"ReverseProxy","/api/v1/gateway/rate-limits","http://platform.stella-ops.local/api/v1/gateway/rate-limits","/api/v1/gateway/rate-limits","401"
|
||||
@@ -79,12 +79,12 @@
|
||||
"ReverseProxy","/rekor","http://rekor.stella-ops.local:3322",,
|
||||
"ReverseProxy","/envsettings.json","http://platform.stella-ops.local/platform/envsettings.json","/","200"
|
||||
"ReverseProxy","/scanner","http://scanner.stella-ops.local",,
|
||||
"ReverseProxy","/policyGateway","http://policy-gateway.stella-ops.local",,
|
||||
"ReverseProxy","/policyGateway","http://policy-engine.stella-ops.local",,
|
||||
"ReverseProxy","/policyEngine","http://policy-engine.stella-ops.local",,
|
||||
"ReverseProxy","/concelier","http://concelier.stella-ops.local","/concelier/observations","404"
|
||||
"ReverseProxy","/attestor","http://attestor.stella-ops.local",,
|
||||
"ReverseProxy","/notify","http://notify.stella-ops.local",,
|
||||
"ReverseProxy","/notifier","http://notifier.stella-ops.local",,
|
||||
"ReverseProxy","/notifier","http://notify.stella-ops.local",,
|
||||
"ReverseProxy","/scheduler","http://scheduler.stella-ops.local",,
|
||||
"ReverseProxy","/signals","http://signals.stella-ops.local","/signals/ping","404"
|
||||
"ReverseProxy","/excititor","http://excititor.stella-ops.local","/excititor/status","404"
|
||||
|
||||
|
@@ -86,7 +86,7 @@
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/gateway/rate-limits(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v1/gateway/rate-limits$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/jobengine/quotas(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v1/jobengine/quotas$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/reachability(.*)", "IsRegex": true, "TranslatesTo": "http://reachgraph.stella-ops.local/api/v1/reachability$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/timeline(.*)", "IsRegex": true, "TranslatesTo": "http://timelineindexer.stella-ops.local/api/v1/timeline$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/timeline(.*)", "IsRegex": true, "TranslatesTo": "http://timeline.stella-ops.local/api/v1/timeline$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/audit(.*)", "IsRegex": true, "TranslatesTo": "http://timeline.stella-ops.local/api/v1/audit$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/export(.*)", "IsRegex": true, "TranslatesTo": "https://exportcenter.stella-ops.local/api/v1/export$1" },
|
||||
{ "Type": "Microservice", "Path": "^/api/v1/advisory-sources(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/advisory-sources$1" },
|
||||
|
||||
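Review bot: the `^/api/v1/timeline(.*)` route is cut over from `timelineindexer.stella-ops.local` to `timeline.stella-ops.local` here, while the commit message describes the timeline work as "merge prep". Confirm that the Timeline web service already serves every `/api/v1/timeline` endpoint the indexer exposed before this route lands. If the merge is not complete, keep the old upstream until it is, or split the cutover into its own commit so it can be reverted independently of the JobEngine and crypto changes.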
@@ -188,7 +188,7 @@ server {
|
||||
# Policy gateway (strips /policy/ prefix, regex avoids colliding with
|
||||
# Angular /policy/exceptions, /policy/packs SPA routes)
|
||||
location ~ ^/policy/(api|v[0-9]+|shadow)/ {
|
||||
set \$policy_upstream http://policy-gateway.stella-ops.local;
|
||||
set \$policy_upstream http://policy-engine.stella-ops.local;
|
||||
rewrite ^/policy/(.*)\$ /\$1 break;
|
||||
proxy_pass \$policy_upstream;
|
||||
proxy_set_header Host \$host;
|
||||
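Review bot: the comment above the changed `set \$policy_upstream` line still reads `# Policy gateway (strips /policy/ prefix, ...`, but the upstream is now `policy-engine.stella-ops.local`. Update the comment in the same change so the block does not describe a service that is no longer behind it. The rationale about the Angular `/policy/exceptions` and `/policy/packs` routes is still valid and should stay.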
@@ -314,7 +314,7 @@ server {
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
sub_filter '"http://policy-gateway.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://policy-engine.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://concelier.stella-ops.local"' '"/concelier"';
|
||||
sub_filter '"http://attestor.stella-ops.local"' '"/attestor"';
|
||||
sub_filter '"http://notify.stella-ops.local"' '"/notify"';
|
||||
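Review bot: replacing the policy-gateway `sub_filter` outright means a response body that still contains `"http://policy-gateway.stella-ops.local"` is no longer rewritten to `"/policy"` and the internal hostname is passed to the browser unchanged. If any backend that has not yet been redeployed can still emit the old URL, keep both filters for one release. Otherwise confirm that no producer of the old string remains before removing it. The same consideration applies to every `sub_filter` block this commit edits.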
@@ -371,7 +371,7 @@ server {
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
sub_filter '"http://policy-gateway.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://policy-engine.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://concelier.stella-ops.local"' '"/concelier"';
|
||||
sub_filter '"http://attestor.stella-ops.local"' '"/attestor"';
|
||||
sub_filter '"http://notify.stella-ops.local"' '"/notify"';
|
||||
|
||||
@@ -37,7 +37,7 @@ server {
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
sub_filter '"http://policy-gateway.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://policy-engine.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://concelier.stella-ops.local"' '"/concelier"';
|
||||
sub_filter '"http://attestor.stella-ops.local"' '"/attestor"';
|
||||
sub_filter '"http://notify.stella-ops.local"' '"/notify"';
|
||||
@@ -144,7 +144,7 @@ server {
|
||||
|
||||
# Policy gateway
|
||||
location ~ ^/policy/(api|v[0-9]+)/ {
|
||||
set $policy_upstream http://policy-gateway.stella-ops.local;
|
||||
set $policy_upstream http://policy-engine.stella-ops.local;
|
||||
rewrite ^/policy/(.*)$ /$1 break;
|
||||
proxy_pass $policy_upstream;
|
||||
}
|
||||
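Review bot: the location regex in this block is `^/policy/(api|v[0-9]+)/`, while the block with escaped `\$` variables earlier in this commit uses `^/policy/(api|v[0-9]+|shadow)/`. Requests under `/policy/shadow/` are therefore proxied to policy-engine by one config and not by this one. Since both blocks are being edited for the same upstream rename, align the patterns or add a comment explaining why this config omits `shadow`. The `# Policy gateway` comment is also stale now that the upstream is policy-engine.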
@@ -408,7 +408,7 @@ server {
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
sub_filter '"http://policy-gateway.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://policy-engine.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://concelier.stella-ops.local"' '"/concelier"';
|
||||
sub_filter '"http://attestor.stella-ops.local"' '"/attestor"';
|
||||
sub_filter '"http://notify.stella-ops.local"' '"/notify"';
|
||||
|
||||
@@ -98,7 +98,7 @@ server {
|
||||
# Policy gateway (strips /policy/ prefix, regex avoids colliding with
|
||||
# Angular /policy/exceptions, /policy/packs SPA routes)
|
||||
location ~ ^/policy/(api|v[0-9]+)/ {
|
||||
set $policy_upstream http://policy-gateway.stella-ops.local;
|
||||
set $policy_upstream http://policy-engine.stella-ops.local;
|
||||
rewrite ^/policy/(.*)$ /$1 break;
|
||||
proxy_pass $policy_upstream;
|
||||
proxy_set_header Host $host;
|
||||
@@ -208,7 +208,7 @@ server {
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
sub_filter '"http://policy-gateway.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://policy-engine.stella-ops.local"' '"/policy"';
|
||||
sub_filter '"http://concelier.stella-ops.local"' '"/concelier"';
|
||||
sub_filter '"http://attestor.stella-ops.local"' '"/attestor"';
|
||||
sub_filter '"http://notify.stella-ops.local"' '"/notify"';
|
||||
|
||||
@@ -52,10 +52,10 @@ graph-api|devops/docker/Dockerfile.hardened.template|src/Graph/StellaOps.Graph.A
|
||||
cartographer|devops/docker/Dockerfile.hardened.template|src/Scanner/StellaOps.Scanner.Cartographer/StellaOps.Scanner.Cartographer.csproj|StellaOps.Scanner.Cartographer|8080
|
||||
# ── Slot 22: ReachGraph ─────────────────────────────────────────────────────────
|
||||
reachgraph-web|devops/docker/Dockerfile.hardened.template|src/ReachGraph/StellaOps.ReachGraph.WebService/StellaOps.ReachGraph.WebService.csproj|StellaOps.ReachGraph.WebService|8080
|
||||
# ── Slot 23: Timeline Indexer ───────────────────────────────────────────────────
|
||||
timeline-indexer-web|devops/docker/Dockerfile.hardened.template|src/Timeline/StellaOps.TimelineIndexer.WebService/StellaOps.TimelineIndexer.WebService.csproj|StellaOps.TimelineIndexer.WebService|8080
|
||||
timeline-indexer-worker|devops/docker/Dockerfile.hardened.template|src/Timeline/StellaOps.TimelineIndexer.Worker/StellaOps.TimelineIndexer.Worker.csproj|StellaOps.TimelineIndexer.Worker|8080
|
||||
# ── Slot 24: Timeline ───────────────────────────────────────────────────────────
|
||||
# ── Slot 23: Timeline Indexer (MERGED into timeline-web in Slot 24) ────────────
|
||||
# timeline-indexer-web|devops/docker/Dockerfile.hardened.template|src/Timeline/StellaOps.TimelineIndexer.WebService/StellaOps.TimelineIndexer.WebService.csproj|StellaOps.TimelineIndexer.WebService|8080
|
||||
# timeline-indexer-worker|devops/docker/Dockerfile.hardened.template|src/Timeline/StellaOps.TimelineIndexer.Worker/StellaOps.TimelineIndexer.Worker.csproj|StellaOps.TimelineIndexer.Worker|8080
|
||||
# ── Slot 24: Timeline (unified: includes merged timeline-indexer) ──────────────
|
||||
timeline-web|devops/docker/Dockerfile.hardened.template|src/Timeline/StellaOps.Timeline.WebService/StellaOps.Timeline.WebService.csproj|StellaOps.Timeline.WebService|8080
|
||||
# ── Slot 25: Findings Ledger ────────────────────────────────────────────────────
|
||||
findings-ledger-web|devops/docker/Dockerfile.hardened.template|src/Findings/StellaOps.Findings.Ledger.WebService/StellaOps.Findings.Ledger.WebService.csproj|StellaOps.Findings.Ledger.WebService|8080
|
||||
|
||||
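Review bot: the `timeline-indexer-web` and `timeline-indexer-worker` entries are commented out rather than deleted, which leaves dead matrix rows that can be re-enabled by accident and still reference `.csproj` paths that may move. Delete them and keep the one-line "MERGED into timeline-web" note; version control already holds the old entries. Also state where the worker's ingestion loop now runs: the commit message says it was relocated to an infrastructure library, but the only remaining image in this hunk is `timeline-web`.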