From 1031743c36c5b4e9a250c8da8ad8171482be3fba Mon Sep 17 00:00:00 2001
From: Konrad Bucheli <konrad.bucheli@psi.ch>
Date: Tue, 28 Oct 2025 08:28:56 +0100
Subject: [PATCH] add OpenMaint as panda-maintenance.psi.ch (#14)

Add a [OpenMaint](https://www.openmaint.org/en/home) instance using the Docker images and compose from https://github.com/itmicus/cmdbuild_docker.

Reviewed-on: https://gitea.psi.ch/linux/WebHosting/pulls/14
Reviewed-by: bruhn_b <basil.bruhn@psi.ch>
Co-authored-by: Konrad Bucheli <konrad.bucheli@psi.ch>
Co-committed-by: Konrad Bucheli <konrad.bucheli@psi.ch>
---
 conf.d/panda-maintenance.conf | 21 +++++++++++++
 docker-compose.yaml           | 58 +++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 conf.d/panda-maintenance.conf

diff --git a/conf.d/panda-maintenance.conf b/conf.d/panda-maintenance.conf
new file mode 100644
index 0000000..3c1d7b2
--- /dev/null
+++ b/conf.d/panda-maintenance.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name panda-maintenance.psi.ch;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name panda-maintenance.psi.ch;
+
+    ssl_certificate /etc/nginx/certs/panda-maintenance.psi.ch.crt;
+    ssl_certificate_key /etc/nginx/private/panda-maintenance.psi.ch.key;
+
+    location / {
+        proxy_pass http://panda-maintenance-app:8080/cmdbuild;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/docker-compose.yaml b/docker-compose.yaml
index f52e63f..c300345 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -242,10 +242,68 @@ services:
       timeout: 5s
       retries: 5
 
+# Christoph Hug <christoph.hug@psi.ch>, Simon Suter <simon.suter@psi.ch>
+# Panda-Maintenance (OpenMaint)
+    panda-maintenance-db:
+      image: postgis/postgis:17-3.5-alpine
+      container_name: panda-maintenance-db
+      volumes:
+        - /opt/webcontent/panda-maintenance/data:/var/lib/postgresql/data:rw
+      ports:
+        - 5432:5432
+      environment:
+        - POSTGRES_USER=postgres
+        - POSTGRES_PASSWORD=${PANDA_MAINTENANCE_DB_PW}
+      restart: always
+      mem_limit: 4000m
+      mem_reservation: 2000m
+      healthcheck:
+        test: [ "CMD-SHELL", "pg_isready -U postgres" ]
+        interval: 30s
+        timeout: 10s
+        retries: 3
+        start_period: 80s
+      networks:
+        - panda_maintenance_backend
+    panda-maintenance-app:
+      image: itmicus/cmdbuild:om-2.4-4.1.0
+      container_name: panda-maintenance-app
+      links:
+        - panda-maintenance-db
+      depends_on:
+        panda-maintenance-db:
+          condition: service_healthy
+      ports:
+        - 8080:8080
+      restart: always
+      volumes:
+        - /opt/webcontent/panda-maintenance/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro
+      environment:
+        - POSTGRES_USER=postgres
+        - POSTGRES_PASSWORD=${PANDA_MAINTENANCE_DB_PW}
+        - POSTGRES_PORT=5432
+        - POSTGRES_HOST=openmaint_db
+        - POSTGRES_DB=openmaint
+        - CMDBUILD_DUMP=empty.dump.xz
+        - JAVA_OPTS=-Xmx6000m -Xms3000m
+      mem_limit: 6000m
+      mem_reservation: 3500m
+      healthcheck:
+        test: [ "CMD", "curl", "-f", "-L", "http://localhost:8080/cmdbuild/ui" ]
+        interval: 30s
+        timeout: 10s
+        retries: 5
+        start_period: 120s
+      networks:
+        - backend
+        - panda_maintenance_backend
+
+
 networks:
   public:
   backend:
   hedgedoc_backend:
   woodpecker_backend:
   it_strategy_dashboard_backend:
+  panda_maintenance_backend: