README file updated with Rasenmaeher deployment instructions. (#1)

* update takserver to 5.3-24

* increase timeout

* update rmapi pointer

* update takrmapi pointer

* battlelog miniwerk configs

* Update compositions for new miniwerk config requirements

* updated api dockerfile

* disable battlelog from manifest in production until we finish integrating it

* log the random callsign we try to get things for to refer to logs

* try to set log rmapi/takrmapi levels via env

* retry the user files

* takintegration race conditions and temp directory handling

* update takrmapi pointer, use prefixed log_level

* fix production log level ENV

* takrmapi mitigations for pvarki/python-tak-rmapi#71

* Add release tag to ENV/ARG for rmapi and rmui

* update api pointer for deployment tag

* Add mTLS verify failure reason to the redirects

* treat 495 as 302 redirect to the error page

* update api pointer to include the new by role and only deleted list endpoints

* update submodule pointers to current mains

* updates path to update

* update takserver pointer, ref 43b9038

* update rmapi pointer to the group names branch

* update takserver pointer to new group names branch

* update nginx tags after rebasing the Snyk update from main

* update submodule pointers to main-merges

* Update README.rst

Added new instructions for running Rasenmaeher on docker environment. Instructions include also the network parts and basic first steps for admin.

* Update README.rst

Fixes on styling of the added instructions

* Update README.rst

Additional design features for the text.

* Update README.rst

Final adjustment on formatting for pull reguest

* Update README.rst

Moving the new instructions to the top of the instructions part of README

---------

Co-authored-by: Eero af Heurlin <eero.afheurlin@iki.fi>
Co-authored-by: Ari Karhunen <ari.karhunen@remod.fi>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.6.0
+current_version = 1.7.0
 commit = False
 tag = False
 

README.rst

@@ -17,6 +17,114 @@ This `Disobey24 talk`_ explains a lot.
 
 .. _`Disobey24 talk`: https://www.youtube.com/watch?v=m3xd7uygpaY&list=PLLvAhAn5sGfiB9AlEt2KD7H9Dnr6kbd64&index=23
 
+Running Rasenmaher in your own docker environment
+---------------------------------
+
+Needed DNS Records pointing to wan address:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  - domain
+  - kc.domain
+  - tak.domain
+  - mtls.domain
+  - mtls.tak.domain
+  - mtls.kc.domain
+  - kc.tak.domain
+
+Needed ports open to internet on firewall, with redirect to server running Rasenmaeher:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  - 80
+  - 443
+  - 8443
+  - 8446
+  - 9446
+  - 4626
+
+Downloading and composing Rasenmaeher
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Be mindfull on where you download the repository, you will need to perform rest of the commands inside the downloaded repository.
+
+Getting the repository from github::
+
+    git clone --recurse-submodules -j8 git@github.com:pvarki/docker-rasenmaeher-integration.git 
+
+Create .env file that defines environmental variables for Rasenmaeher setup. File must be located inside downloaded repository and file type must be .env to work.
+
+The original example file is: https://github.com/pvarki/docker-rasenmaeher-integration/blob/main/example_env.sh
+
+Example .env-file with the minimal information needed::
+
+    KEYCLOAK_DATABASE_PASSWORD="input-secure-password"
+    RM_DATABASE_PASSWORD="input-secure-password"
+    POSTGRES_PASSWORD="input-secure-password"
+    LDAP_ADMIN_PASSWORD="input-secure-password"
+    KEYCLOAK_ADMIN_PASSWORD="input-secure-password"
+    TAK_DATABASE_PASSWORD="input-secure-password"
+    SERVER_DOMAIN="input-domain"
+    CFSSL_CA_NAME="input-ca-name"
+    MW_LE_EMAIL="input-email-for-lets-encrypt"
+    MW_LE_TEST="false"
+    TAKSERVER_CERT_PASS="input-secure-password"
+    TAK_CA_PASS="input-secure-password"
+    VITE_ASSET_SET="${VITE_ASSET_SET:-neutral}"
+    KEYCLOAK_PROFILEROOT_UUID="input-uuid"
+    KEYCLOAK_HTTPS_KEY_STORE_PASSWORD="input-secure-password"
+    KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD="input-secure-password"
+
+Starting the services::
+
+    docker compose up –d 
+
+Updating the repository from github::
+
+    git submodule update
+
+!DO NOT DO! Deleting the services. Deletes the certificates etc you will need to add all users etc again::
+
+    docker compose down -v
+
+Getting the admin login invite code for first admin::
+
+    docker compose exec -it rmapi /bin/bash -c "rasenmaeher_api addcode" 
+
+Services
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Rasenmaeher login page::
+
+    https://domain (example.com)
+
+Rasenmaeher home page::
+
+    https://mtls.domain (mtls.example.com)
+
+Takserver Admin UI::
+
+    https://tak.domain:8443/ (tak.example.com:8443/)
+
+Keycloack Admin UI. (Later group management will be withing Rasenmaeher)::
+
+    https://kc.domain:9443/admin/RASENMAEHER/console/ (kc.example.com:9443/admin/RASENMAEHER/console/)
+
+OTA update server inside takserver. Is located in the loaded repository, location depends on where you downloaded it::
+
+    /home/user/docker-rasenmaeher-integration/takserver/update
+
+Using the Rasenmaeher service:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. Login with first admin code. Create your admin account by typing your first admin invite code and inputting desired admin callsign.
+2. Create invite code for other users. Share the invite code. Go to Manage Users -> Add Users -> Create New Invite. Share link, qr code or invite code and domain.
+3. Approve users in Rasenmaeher. Open approvement link or scan qr code from users and approve the user. You can also go to Approve Users -> Select Waiting User and input the users approvement code.
+4. If desired promote some of the added users as admins. Go to Manage Users -> Manage Users -> Select user and select Promote. You can also Demote Admins or Delete users altogether.
+
+Using Rasenmaeher TAK in EUD:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+1. Login to Rasenmaeher. Go to https://mtls.domain and select TAK.
+2. Download Client Package. Select tak package for desired software "Android ATAK or Windows WinTAK" or "iOS iTAK". Select Download Client Package.
+3. Go to EUD's TAK Software. Import downloaded package. Device is connected to server.
+4. You should also read Quickstart and Usage Guides.
 
 Git submodules
 --------------
@@ -54,7 +162,6 @@ Autogenerated (mostly API) docs
   - Module API docs: https://pvarki.github.io/docker-rasenmaeher-integration/docs/
   - Swagger definition for RASENMAEHER API: https://pvarki.github.io/docker-rasenmaeher-integration/
 
-
 Running in local development mode
 ---------------------------------
 

docker-compose-dev.yml

@@ -2,7 +2,7 @@
 #   `docker-compose -p rmdev -f docker-compose-local.yml -f docker-compose-dev.yml up -d`
 
 x-nginxbuilds: &nginxbuildinfo
-  image: pvarki/nginx:1.25${DOCKER_TAG_EXTRA:-}
+  image: pvarki/nginx:1.27${DOCKER_TAG_EXTRA:-}
   build:
     context: ./nginx
     dockerfile: Dockerfile
@@ -39,6 +39,7 @@ services:
       SERVER_DOMAIN: ${SERVER_DOMAIN:-localmaeher.dev.pvarki.fi}
       API_PORT: ${NGINX_HTTPS_PORT:-4439}
       VITE_ASSET_SET: ${VITE_ASSET_SET:-neutral}
+      RELEASE_TAG: "localdev"
     networks:
       - intranet
     ports:  # REMINDER Do not expose these in production

docker-compose-local.yml

@@ -71,15 +71,15 @@ x-keycloakinit_users_env: &keycloakinit_users_env
   KEYCLOAK_PASSWORD: *kcadminpass # pragma: allowlist secret
 
 x-takbuilds: &takbuildinfo
-  image: &takimage "pvarki/takserver:${TAK_RELEASE:-5.2-RELEASE-30}${DOCKER_TAG_EXTRA:-}"
+  image: &takimage "pvarki/takserver:${TAK_RELEASE:-5.3-RELEASE-24}${DOCKER_TAG_EXTRA:-}"
   build:
     context: ./takserver
     dockerfile: Dockerfile
     args:
-      TAK_RELEASE: ${TAK_RELEASE:-5.2-RELEASE-30}
+      TAK_RELEASE: ${TAK_RELEASE:-5.3-RELEASE-24}
 
 x-nginxbuilds: &nginxbuildinfo
-  image: pvarki/nginx:1.25${DOCKER_TAG_EXTRA:-}
+  image: pvarki/nginx:1.27${DOCKER_TAG_EXTRA:-}
   build:
     context: ./nginx
     dockerfile: Dockerfile
@@ -120,10 +120,13 @@ services:
       target: production
     environment:
       MW_DOMAIN: *serverdomain
-      MW_PRODUCTS: "tak,kc,fake"
+      MW_PRODUCTS: "tak,kc,fake,bl"
       MW_RASENMAEHER__API_PORT: *apiport
+      MW_RASENMAEHER__USER_PORT: *apiport
       MW_FAKE__API_PORT: *productport
+      MW_FAKE__USER_PORT: *productport
       MW_TAK__API_PORT: *takapiport
+      MW_TAK__USER_PORT: 8443
       CAROOT: "/data/persistent/mkcert"
       MW_LE_EMAIL: "notusedwithmkcert@example.com"
       MW_LE_TEST: "true"
@@ -399,6 +402,10 @@ services:
       RM_KC_USERNAME: *kcadminuser
       RM_KC_PASSWORD: *kcadminpass  # pragma: allowlist secret
       RM_KC_REALM: *kc_realm
+      UVICORN_LOG_LEVEL: "debug"
+      RM_LOG_LEVEL: "DEBUG"
+      RM_LOG_LEVEL_INT: "10"
+      RELEASE_TAG: "local"
     networks:
       - apinet
       - kcnet
@@ -441,6 +448,7 @@ services:
       target: production
       args:
         VITE_ASSET_SET: ${VITE_ASSET_SET:-neutral}
+        RELEASE_TAG: "local"
     volumes:
       - rmui_files:/deliver
 
@@ -611,7 +619,7 @@ services:
       - taknet
       - dbnet
     volumes:
-      - ./takserver/updates:/opt/tak/webcontent/update
+      - ./takserver/update:/opt/tak/webcontent/update
       - kraftwerk_shared_tak:/pvarki
       - tak_data:/opt/tak/data
       - le_certs:/le_certs
@@ -626,7 +634,7 @@ services:
       takinit:
           condition: service_completed_successfully
     volumes:
-      - ./takserver/updates:/opt/tak/webcontent/update
+      - ./takserver/update:/opt/tak/webcontent/update
       - tak_data:/opt/tak/data
       - ca_public:/ca_public
       - le_certs:/le_certs
@@ -663,7 +671,7 @@ services:
       takconfig:
         condition: service_healthy
     volumes:
-      - ./takserver/updates:/opt/tak/webcontent/update
+      - ./takserver/update:/opt/tak/webcontent/update
       - tak_data:/opt/tak/data
       - ca_public:/ca_public
       - le_certs:/le_certs
@@ -687,7 +695,7 @@ services:
       takmsg:
         condition: service_healthy
     volumes:
-      - ./takserver/updates:/opt/tak/webcontent/update
+      - ./takserver/update:/opt/tak/webcontent/update
       - tak_data:/opt/tak/data
       - ca_public:/ca_public
       - le_certs:/le_certs
@@ -711,7 +719,7 @@ services:
       takmsg:
         condition: service_healthy
     volumes:
-      - ./takserver/updates:/opt/tak/webcontent/update
+      - ./takserver/update:/opt/tak/webcontent/update
       - tak_data:/opt/tak/data
       - ca_public:/ca_public
     network_mode: "service:takconfig"
@@ -734,7 +742,7 @@ services:
       takapi:
         condition: service_healthy
     volumes:
-      - ./takserver/updates:/opt/tak/webcontent/update
+      - ./takserver/update:/opt/tak/webcontent/update
       - tak_data:/opt/tak/data
       - ca_public:/ca_public
     network_mode: "service:takconfig"
@@ -748,7 +756,7 @@ services:
     restart: unless-stopped
 
   takrmapi:
-    image: pvarki/takrmapi:local${DOCKER_TAG_EXTRA:-}-tak${TAK_RELEASE:-5.2-RELEASE-30}
+    image: pvarki/takrmapi:local${DOCKER_TAG_EXTRA:-}-tak${TAK_RELEASE:-5.3-RELEASE-24}
     build:
       context: ./takintegration
       dockerfile: Dockerfile
@@ -758,6 +766,8 @@ services:
     network_mode: "service:takconfig"
     environment:
       LOG_CONSOLE_FORMATTER: "local"
+      UVICORN_LOG_LEVEL: "debug"
+      TI_LOG_LEVEL: "10"
     volumes:
       - ca_public:/ca_public
       - le_certs:/le_certs