application.yml
# NOTE(review): this listing lost its indentation; the nesting below is
# reconstructed from the key names and should be checked against the real file.
spring:
  application:
    name: user-service
  profiles:
    # Hard-coding the active profile here makes "production" the default
    # for every environment that does not override it.
    active: production

  # PostgreSQL connection. Credentials come from the environment.
  datasource:
    # NOTE(review): the URL sets no ssl/sslmode parameter, so transport
    # encryption is left to driver and server defaults. Confirm.
    url: jdbc:postgresql://postgresql-service:5432/ecommerce_users
    # Falls back to "admin" when the variable is unset, while the password
    # below has no fallback.
    # NOTE(review): consider dropping the default so a missing credential
    # is noticed instead of silently selecting an account by name.
    username: ${SPRING_DATASOURCE_USERNAME:admin}
    password: ${SPRING_DATASOURCE_PASSWORD}
    driver-class-name: org.postgresql.Driver
    # HikariCP pool sizing; the three time values are in milliseconds.
    hikari:
      maximum-pool-size: 10
      minimum-idle: 2
      connection-timeout: 30000
      idle-timeout: 600000
      max-lifetime: 1800000

  jpa:
    hibernate:
      # Hibernate only checks the schema against the entities; it never
      # changes it. Schema changes are left to the Flyway section below.
      ddl-auto: validate
      naming:
        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
    # SQL statements are not echoed to the console.
    show-sql: false
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQLDialect
        format_sql: true
        jdbc:
          batch_size: 20
        order_inserts: true
        order_updates: true

  # Redis connection (Lettuce client). Password comes from the environment.
  # NOTE(review): `spring.redis.*` is the Spring Boot 2.x prefix; Boot 3 reads
  # `spring.data.redis.*`. Confirm against the Boot version in use.
  redis:
    host: redis-service
    port: 6379
    password: ${SPRING_REDIS_PASSWORD}
    # presumably milliseconds. Confirm.
    timeout: 2000
    lettuce:
      pool:
        max-active: 10
        max-idle: 5
        min-idle: 2
        max-wait: 1000

  # ==================== Flyway database migration settings ====================
  flyway:
    enabled: true
    validate-on-migrate: true
    # Baselines a non-empty schema that has no history table instead of
    # failing.
    # NOTE(review): usually needed only for the first adoption of Flyway;
    # left on, a schema without history is accepted as already migrated.
    baseline-on-migrate: true
    baseline-version: 1
    locations: classpath:db/migration
    schemas: public
    table: flyway_schema_history
    # Keeps `flyway clean` (which drops the schema contents) disabled.
    clean-disabled: true
    out-of-order: false
    ignore-missing-migrations: false
    # Tolerates applied migrations newer than those on the classpath.
    ignore-future-migrations: true
    # Create the schema automatically if it does not exist (optional)
    # create-schemas: true
    # Initialization SQL (optional)
    # init-sqls: CREATE SCHEMA IF NOT EXISTS public;

  # ==================== Security settings ====================
  # NOTE(review): placed under `spring:` because a top-level `security:` key
  # appears later in the file and duplicate keys are invalid YAML. Confirm the
  # nesting. `ignored` was a Spring Boot 1.x setting (`security.ignored`);
  # `spring.security.ignored` does not appear to be a property that current
  # Boot versions bind, so this line may have no effect. Access rules for
  # /actuator/** should be verified in the application's security config.
  security:
    # Allow public access to Actuator endpoints
    ignored: /actuator/**
# Embedded web server: listens on 8080 and serves everything under /api.
# (Indentation reconstructed; the listing shows all keys at column 0.)
server:
  port: 8080
  servlet:
    context-path: /api
# Eureka client switched off: no registration and no registry fetch.
# (Indentation reconstructed; the listing shows all keys at column 0.)
eureka:
  client:
    enabled: false
    register-with-eureka: false
    fetch-registry: false
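# Actuator configuration.
# NOTE(review): indentation was lost in this listing; nesting is reconstructed
# from the key names and should be checked against the real file.
management:
  endpoints:
    web:
      exposure:
        # Only these four endpoints are served over HTTP.
        include: health,info,metrics,prometheus
      # Allow cross-origin access so Kubernetes probes can reach the endpoints
      # NOTE(review): kubelet probes are plain HTTP requests, not browser
      # requests, so CORS does not affect them. The wildcard origin only lets
      # scripts on any web page read these responses from a browser that can
      # reach the service; restrict or remove it unless a browser client
      # needs it.
      cors:
        allowed-origins: "*"
        allowed-methods: GET,OPTIONS
    # Every endpoint is off unless enabled individually below.
    enabled-by-default: false
  endpoint:
    health:
      enabled: true
      # Changed from `always`: component details (database, Redis, Flyway)
      # are no longer returned to unauthenticated callers. Probes only need
      # the status and HTTP code, which are still served.
      show-details: when-authorized
      # Exposes the liveness and readiness groups used by Kubernetes.
      probes:
        enabled: true
      # Allow all users to access the health endpoint
      # NOTE(review): `management.endpoint.<id>.access` (Spring Boot 3.4+)
      # accepts `none`, `read-only` or `unrestricted`; `permit-all` is not
      # one of them, and the property governs endpoint availability, not
      # authentication. Confirm against the Boot version in use.
      access: permit-all
    info:
      enabled: true
      access: permit-all
    metrics:
      enabled: true
    prometheus:
      enabled: true
      access: permit-all
  # Health indicators that contribute to the overall status.
  health:
    db:
      enabled: true
    redis:
      enabled: true
    # Flyway health check
    flyway:
      enabled: true
  # Disable security protection for Actuator endpoints
  # NOTE(review): `management.security.enabled` is a Spring Boot 1.x property
  # removed in 2.0, while `endpoints.web.exposure` above is 2.x syntax, so this
  # key is probably ignored. Whether metrics and prometheus are reachable
  # without authentication is decided by the application's security config and
  # network policy; verify both.
  security:
    enabled: false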
# Log levels and console format.
# (Indentation reconstructed; the listing shows all keys at column 0.)
logging:
  level:
    # NOTE(review): DEBUG for the application package while the active
    # profile is "production". Check that user-service debug output
    # cannot contain credentials, tokens or personal data, or lower it.
    com.ecommerce.user: DEBUG
    org.hibernate.SQL: WARN
    # WARN keeps bound SQL parameter values out of the logs.
    org.hibernate.type.descriptor.sql.BasicBinder: WARN
    org.springframework.security: WARN
    # Flyway logging
    org.flywaydb: INFO
  pattern:
    console: "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n"
# JWT signing settings (custom keys read by application code not shown here).
# (Indentation reconstructed; the listing shows all keys at column 0.)
jwt:
  # Taken from the environment with no fallback.
  # NOTE(review): confirm the application refuses to start, rather than
  # using the unresolved placeholder text as the key, when JWT_SECRET is
  # missing, and that it enforces a minimum key length.
  secret: ${JWT_SECRET}
  # presumably milliseconds (default would be 24 hours). Confirm.
  expiration: ${JWT_EXPIRATION:86400000}
  # Fixed value, not overridable from the environment; 30 days if the unit
  # is milliseconds. Confirm.
  refresh-expiration: 2592000000
# Application-specific settings. These are custom keys: how (and whether) each
# one is enforced depends on application code that is not part of this file.
# (Indentation reconstructed; the listing shows all keys at column 0.)
app:
  security:
    # Password length bounds.
    password:
      min-length: ${PASSWORD_MIN_LENGTH:8}
      max-length: ${PASSWORD_MAX_LENGTH:128}
    # Failed-login lockout; the duration is presumably milliseconds
    # (15 minutes by default). Confirm.
    login:
      max-attempts: ${MAX_LOGIN_ATTEMPTS:5}
      lockout-duration: ${ACCOUNT_LOCKOUT_DURATION:900000}
    # Email verification is required by default, phone verification is not.
    verification:
      email: ${REQUIRE_EMAIL_VERIFICATION:true}
      phone: ${REQUIRE_PHONE_VERIFICATION:false}
    bcrypt-strength: ${BCRYPT_STRENGTH:12}
    # presumably seconds (30 minutes by default). Confirm.
    session-timeout: ${SESSION_TIMEOUT:1800}
    # On by default; any deployment that sets the variable to false should
    # be reviewed.
    csrf-protection: ${ENABLE_CSRF_PROTECTION:true}
  notification:
    # NOTE(review): the default is plain http inside the cluster; confirm
    # that is acceptable for the data sent to the notification service.
    service-url: ${NOTIFICATION_SERVICE_URL:http://notification-service:8080}
    send-welcome-email: ${SEND_WELCOME_EMAIL:true}
# ==================== Health-check-specific settings ====================
# These settings ensure Kubernetes probes can reach the health endpoints
# without authentication
# NOTE(review): nesting reconstructed as top-level. `security.basic.enabled`
# is a Spring Boot 1.x property removed in 2.0; on later versions it is
# probably ignored and unauthenticated probe access has to come from the
# application's own security configuration. Where it does apply, it turns off
# HTTP Basic for the whole application, not only for the health endpoints.
security:
  basic:
    enabled: false