BridgeWay Hub example implementation of API Gateway based on Spring Boot 3, Keycloak as a security layer
and Eureka Client as service registry, in microservice architecture, detailed configuration will depend directly on
additional business requirements and is applied in the application properties. For more details
Before running the app you need to configure the next services that depends on:
- Keycloak - security layer
- DB for Keycloak
optional - Eureka Server, my solution
optional
Clone the repository using git clone https://github.com/Justedlev/bridgewayhub.git and after that run the app local,
you can use the simple run configuration, that based on .env
and jvm options, make sure that the service registry (eureka service) already started.
Note
The Service Registry (Discovery Service) can be disabled by using the properties if needed
spring:
cloud:
discovery:
enabled: false
eureka:
client:
enabled: falseTip
You can also disable it in .vmoptions, just adding the envs
-Dspring.cloud.discovery.enabled=false
-Deureka.client.enabled=false
I have a repository on Docker Hub
Simple command to run the container:
docker compose up -d --buildLearn More with Docker CLI: Compose
The full compose.yaml that I personally use
name: justedlev-microservice
services:
bridgewayhub:
container_name: bridgewayhub
image: justedlev/bridgewayhub:0.0.1-SNAPSHOT
build:
context: ..
environment:
SERVICE_REGISTRY: http://{example}:{example}@service-discovery:8761/eureka
ORIGINS: http://service-discovery:8761,http://localhost:8761,http://localhost:3000
USERNAME: "{changeme}"
PASSWORD: "{changeme}"
ROLES:
- "{changeme}"
- "{changeme2}"
- "{changeme-etc}"
KEYCLOAK_HOST: http://sso:9321
KEYCLOAK_REALM: "{changeme}"
KEYCLOAK_ISSUER_URI: ${KEYCLOAK_HOST}/realms/${KEYCLOAK_REALM}
KEYCLOAK_JWKS_URI: ${KEYCLOAK_ISSUER_URI}/protocol/openid-connect/certs
KEYCLOAK_TOKEN_ENDPOINT: ${KEYCLOAK_ISSUER_URI}/protocol/openid-connect/token
KEYCLOAK_INTROSPECTION_ENDPOINT: ${KEYCLOAK_ISSUER_URI}/protocol/openid-connect/token/introspect
KEYCLOAK_CLIENT_ID: "{changeme}"
KEYCLOAK_CLIENT_SECRET: "{changeme}"
ports:
- 8123:8123
depends_on:
- sso
- service-discovery
# Service discovery
service-discovery:
container_name: service-discovery
image: justedlev/simple-eureka-server:1.0.0-SNAPSHOT
environment:
USERNAME: "{changeme}"
PASSWORD: "{changeme}"
ports:
- 8761:8761
# SSO service (keycloak)
sso:
container_name: keycloak
image: quay.io/keycloak/keycloak:24.0.2
command: [ "start-dev", "--http-port=9321" ]
environment:
KEYCLOAK_ADMIN: "{changeme}"
KEYCLOAK_ADMIN_PASSWORD: "{changeme}"
KC_HEALTH_ENABLED: true
KC_HOSTNAME: localhost
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/{example}
KC_DB_USERNAME: "{changeme}"
KC_DB_PASSWORD: "{changeme}"
KC_DB_SCHEMA: keycloak
depends_on:
- postgres
ports:
- 9321:9321
# Postgres DB
postgres:
container_name: postgres
image: postgres:16.2-alpine
environment:
POSTGRES_DB: "{changeme}"
POSTGRES_USER: "{changeme}"
POSTGRES_PASSWORD: "{changeme}"
volumes:
- db-data:/var/lib/postgresql/data
ports:
- 5432:5432
healthcheck:
test: [ "CMD", "pg_isready", "-U ${POSTGRES_USER}", "-d" ]
interval: 15s
timeout: 10s
retries: 5
start_period: 12s
restart: unless-stopped
deploy:
resources:
limits:
cpus: "1"
memory: 250MB
volumes:
db-data: