ecos-proxy-app

Purpose

Image of the proxy server with the ecos-ui project build.

Base images

  • nexus.citeck.ru/ecos-nginx-spnego:stable - Nginx (1.17.6) is built from sources + the spnego module (1.1.0) is included in the build for AD integration and SSO. The base image is built on alpine:3.7.

  • openresty/openresty:centos-rpm - openresty (1.15.8.3) is installed from repo packages. The base image is built on CentOS 7.

Docker Compose service template

ecos-proxy:
   logging:
     options:
       max-size: "10m"
       max-file: "5"
   container_name: ecos-proxy
   restart: unless-stopped
   stop_grace_period: 1m
   hostname: ecos-proxy
   ports:
     - 80:80/tcp
   env_file:
     - ./env_dir/ecos-proxy.env
   image: nexus.citeck.ru/ecos-proxy:<ECOS_PROXY_IMAGE>
   networks:
     - app_network

Used variables

  • DEFAULT_LOCATION_V2 - switches the default redirect (/) from share/page to v2/. Variable format: DEFAULT_LOCATION_V2=true (parameter is duplicated on the client in system journal settings)

  • ECOS_INIT_DELAY - startup timeout for the entrypoint script that generates the server’s default.conf. Default is 30s to normalize upstream initialization in compose projects.

  • CADVISOR_TARGET - if not specified, the cadvisor upstream and its dependent locations will be removed from the nginx configuration file. Variable format: CADVISOR_TARGET=ip_or_fqdn:port

  • NODE_EXPORTER_TARGET - if not specified, the node-exporter upstream and its dependent locations will be removed from the nginx configuration file. Variable format: NODE_EXPORTER_TARGET=ip_or_fqdn:port

  • USE_EXTERNAL_CONFIGURATION - when declared, the default.conf configuration file in the nginx directory will be removed. Used for development and configuration; static directories, configuration files, certificates, etc. must be mounted into the container via pv. The nginx configuration file mount directory is /etc/nginx/conf.d/. Variable format: USE_EXTERNAL_CONFIGURATION=true

  • PROXY_TARGET - if not specified in the ecos-proxy.env file, the default proxying to the ecos container (ecos:8080) is set. When the parameter is declared in the variables file, the ecos:8080 value in the ecos upstream of the nginx image configuration is replaced with the value in the variables file. Variable format: PROXY_TARGET=ip_or_fqdn:port

  • GATEWAY_TARGET - if not specified, the gateway upstream and its dependent locations will be removed from the nginx configuration file. Variable format: GATEWAY_TARGET=ip_or_fqdn:port

  • ENABLE_LOGGING - container logging is disabled by default. Declaring this variable enables standard nginx logging; setting it to debug enables the extended nginx packet processing debug mode. Variable format: ENABLE_LOGGING=true (debug for extended mode)

  • ENABLE_SERVER_STATUS - enables the location for nginx server statistics, used for centralized monitoring. The location is accessible only from the docker network. Variable format: ENABLE_SERVER_STATUS=true

  • ENABLE_MOBILE_APP_ACCESS - enables the /gateway location with bearer token validation in the Authorization header. Used for mobile app access. Variable format: ENABLE_MOBILE_APP_ACCESS=true. When enabling this feature, configure the EIS_ID, REALM_ID, CLIENT_SECRET variables for Keycloak integration.

  • ENABLE_OIDC_FULL_ACCESS - enables bearer token validation in the Authorization header for any processed location. Variable format: ENABLE_OIDC_FULL_ACCESS=true. When enabling this feature, configure EIS_ID, REALM_ID, CLIENT_SECRET variables for Keycloak integration.

  • ONLYOFFICE_TARGET - enables the /onlyoffice/ location for integrating ecos with a deployed OnlyOffice instance. Variable format: ONLYOFFICE_TARGET=ip_or_fqdn:port

  • MAILHOG_TARGET - enables the proxy location to the mailhog container UI. Variable format: MAILHOG_TARGET=ip_or_fqdn:port

  • ECOS_REGISTRY_TARGET - enables the proxy location to the ecos(jhipster)-registry container UI. Variable format: ECOS_REGISTRY_TARGET=ip_or_fqdn:port

  • RABBITMQ_TARGET - enables the proxy location to the rabbitmq management UI container. Variable format: RABBITMQ_TARGET=ip_or_fqdn:port

  • EIS_TARGET - enables the proxy location to the eis container UI. Used when eis is placed behind a proxy server in the customer’s network segment. Variable format: EIS_TARGET=ip_or_fqdn:port

  • ECOS_PAGE_TITLE - configures the browser page title (index.html) for the new interface (v2). Default: Citeck

  • EIS_PROTO - protocol used for communication with Keycloak. Default value is https; it can optionally be set to http

  • GATEWAY_TLS_ENABLED - enable HTTPS to ecos-gateway (v4)

  • GATEWAY_TLS_CERT - root certificate for verifying the ecos-gateway certificate. You can specify the same certificate that the gateway uses. By default, the certificate chain is checked to 2 levels. Default: false. (v4)

  • GATEWAY_TLS_NAME - gateway server name. nginx always verifies the gateway host against the certificate, but if the host is dynamic, this setting can be used to specify it as a constant. (v4)

  • ENABLE_HTTPS - enables the server on the SERVER_HTTPS_PORT port and expects certificates SERVER_TLS_CERT and SERVER_TLS_KEY (v3, v4)

  • ENABLE_HSTS - add the Strict-Transport-Security header to server responses. (v3, v4)

  • SERVER_TLS_CERT - server certificate. Default: /app/ssl/ecos-proxy.cert (v4)

  • SERVER_TLS_KEY - server private key. Default: /app/ssl/ecos-proxy.key (v4)

  • SERVER_HTTP_PORT - http port that nginx will listen on. Default depends on the user running the container: 80 for root, otherwise 8080 (v4)

  • SERVER_HTTPS_PORT - https port that nginx will listen on. Default depends on the user running the container: 443 for root, otherwise 8443 (v4)

  • MIN_TLS_VER - minimum allowed TLS version. Allowed values: [1.3, 1.2, 1.0] (v3, v4)

Not implemented:

  • SOLR_TARGET

  • ECOS_REGISTRY_TARGET
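
An added example, not part of the ecos-proxy project: a small Python check of an ecos-proxy.env file against the variable rules documented above (the ip_or_fqdn:port format of *_TARGET values, the Keycloak variables required by the two bearer-token switches, the allowed MIN_TLS_VER values, and EIS_PROTO=http). The sample file, the function names and the reading of ip_or_fqdn as a hostname or IPv4 address are assumptions.

```python
import re

# Assumption: "ip_or_fqdn:port" means a hostname or IPv4 address plus a port.
TARGET_RE = re.compile(r"[A-Za-z0-9.-]+:(\d{1,5})")
OIDC_FLAGS = ("ENABLE_MOBILE_APP_ACCESS", "ENABLE_OIDC_FULL_ACCESS")
OIDC_REQUIRED = ("EIS_ID", "REALM_ID", "CLIENT_SECRET")
ALLOWED_TLS = ("1.3", "1.2", "1.0")  # values listed for MIN_TLS_VER

# Constructed sample ecos-proxy.env, not taken from the project.
SAMPLE_ENV = """\
GATEWAY_TARGET=gateway-app:8085
MAILHOG_TARGET=mailhog
ENABLE_MOBILE_APP_ACCESS=true
REALM_ID=ecos-app
EIS_PROTO=http
MIN_TLS_VER=1.0
"""

def parse_env(text):
    """Parse KEY=VALUE lines of an env_file; blank and '#' lines are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def lint(env):
    """Return findings, in check order, for a parsed ecos-proxy.env."""
    findings = []
    for name, value in env.items():
        if name.endswith("_TARGET"):
            m = TARGET_RE.fullmatch(value)
            if not m or not 1 <= int(m.group(1)) <= 65535:
                findings.append(f"{name}: expected ip_or_fqdn:port, got {value!r}")
    for flag in OIDC_FLAGS:
        # Assumption: the switch is on when set to the documented value "true".
        missing = [v for v in OIDC_REQUIRED if not env.get(v)]
        if env.get(flag) == "true" and missing:
            findings.append(f"{flag}: missing {', '.join(missing)}")
    tls = env.get("MIN_TLS_VER")
    if tls is not None and tls not in ALLOWED_TLS:
        findings.append(f"MIN_TLS_VER: {tls!r} is not an allowed value")
    elif tls == "1.0":
        findings.append("MIN_TLS_VER: 1.0 admits deprecated TLS 1.0 clients")
    if env.get("EIS_PROTO") == "http":
        findings.append("EIS_PROTO: http leaves Keycloak traffic unencrypted")
    return findings
```

Calling lint(parse_env(SAMPLE_ENV)) returns four findings for the constructed file; an empty list means none of these checks fired.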

Typical settings acceptance log output

ecos-proxy                  | Wait 30 seconds and run nginx
ecos-proxy                  | - Logging disabled
ecos-proxy                  | + Server status monitoring enabled!
ecos-proxy                  | + Changed upstream gateway: gateway-app:8085
ecos-proxy                  | - Disabled api-auth upstream and locations
ecos-proxy                  | + Changed mailhog upstream: mailhog:8025
ecos-proxy                  | - Disabled gss
ecos-proxy                  | + Changed ecos-registry upstream: jhipster-registry:8761
ecos-proxy                  | + Changed rabbitmq upstream: rabbitmq:15672
ecos-proxy                  | - Disabled eis upstream and locations
ecos-proxy                  | - Disabled solr location

Local build and deploy of ecos-ui

Requirements

  • Node.js 20.19+ or 22.12+ (project uses Vite 7)

  • Yarn 3.6.2 (via corepack, specified in packageManager in package.json)

Build

cd ecos-ui
yarn install
yarn build

Result: build/ directory with compiled files (index.html, assets/, js/, img/, etc.)

Deploy to local container (Citeck Launcher)

UI is served through the ecos-proxy container (nginx/openresty). Static files are located inside the container at /var/www/assets/.

The container has no bind mount for UI files, so deployment is done via docker cp:

docker cp ecos-ui/build/. citeck_proxy_<namespace>_default:/var/www/assets/

The proxy container name has the form citeck_proxy_<namespace>_default. To find it:

docker ps | grep proxy

After copying, refresh the page in the browser (Ctrl+Shift+R / Cmd+Shift+R for a hard refresh).

Deployment verification

docker exec citeck_proxy_<namespace>_default sh -c 'ls /var/www/assets/assets/main-*'

Note

Changes are effective until the container is recreated. After a restart, Launcher will deploy the original UI from the image.