refactor: aligh bootstrap with new supermq architecture

Signed-off-by: Felix Gateru <[email protected]>
absmach · Jan 8, 2025 · b801e4c · b801e4c
1 parent 3ee7b13
commit b801e4c
Show file tree

Hide file tree

Showing 13 changed files with 107 additions and 93 deletions.
diff --git a/Makefile b/Makefile
@@ -15,7 +15,7 @@ USER_REPO ?= $(shell git remote get-url origin | sed -e 's/.*\/\([^/]*\)\/\([^/]
 empty:=
 space:= $(empty) $(empty)
 # Docker compose project name should follow this guidelines: https://docs.docker.com/compose/reference/#use--p-to-specify-a-project-name
-DOCKER_PROJECT ?= test #$(shell echo $(subst $(space),,$(USER_REPO)) | tr -c -s '[:alnum:][=-=]' '_' | tr '[:upper:]' '[:lower:]')
+DOCKER_PROJECT ?= $(shell echo $(subst $(space),,$(USER_REPO)) | tr -c -s '[:alnum:][=-=]' '_' | tr '[:upper:]' '[:lower:]')
 DOCKER_COMPOSE_COMMANDS_SUPPORTED := up down config
 DEFAULT_DOCKER_COMPOSE_COMMAND  := up
 GRPC_MTLS_CERT_FILES_EXISTS = 0
@@ -252,5 +252,5 @@ run: check_certs
 run_addons: check_certs
 	$(foreach SVC,$(RUN_ADDON_ARGS),$(if $(filter $(SVC),$(ADDON_SERVICES) $(EXTERNAL_SERVICES)),,$(error Invalid Service $(SVC))))
 	@for SVC in $(RUN_ADDON_ARGS); do \
-		MG_ADDONS_CERTS_PATH_PREFIX="../."  docker compose -f docker/addons/$$SVC/docker-compose.yml -p $(DOCKER_PROJECT) --env-file ./docker/.env $(DOCKER_COMPOSE_COMMAND) $(args) & \
+		SMQ_ADDONS_CERTS_PATH_PREFIX="../."  docker compose -f docker/addons/$$SVC/docker-compose.yml -p $(DOCKER_PROJECT) --env-file ./docker/.env $(DOCKER_COMPOSE_COMMAND) $(args) & \
 	done
diff --git a/bootstrap/middleware/authorization.go b/bootstrap/middleware/authorization.go
@@ -13,6 +13,12 @@ import (
 	"github.com/absmach/supermq/pkg/policies"
 )
 
+const (
+	updatePermission = "update_permission"
+	readPermission   = "read_permission"
+	deletePermission = "delete_permission"
+)
+
 var _ bootstrap.Service = (*authorizationMiddleware)(nil)
 
 type authorizationMiddleware struct {
@@ -37,31 +43,31 @@ func (am *authorizationMiddleware) Add(ctx context.Context, session smqauthn.Ses
 }
 
 func (am *authorizationMiddleware) View(ctx context.Context, session smqauthn.Session, id string) (bootstrap.Config, error) {
-	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.ViewPermission, policies.ClientType, id); err != nil {
+	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, readPermission, policies.ClientType, id); err != nil {
 		return bootstrap.Config{}, err
 	}
 
 	return am.svc.View(ctx, session, id)
 }
 
 func (am *authorizationMiddleware) Update(ctx context.Context, session smqauthn.Session, cfg bootstrap.Config) error {
-	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.EditPermission, policies.ClientType, cfg.ClientID); err != nil {
+	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, cfg.ClientID); err != nil {
 		return err
 	}
 
 	return am.svc.Update(ctx, session, cfg)
 }
 
 func (am *authorizationMiddleware) UpdateCert(ctx context.Context, session smqauthn.Session, clientID, clientCert, clientKey, caCert string) (bootstrap.Config, error) {
-	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.EditPermission, policies.ClientType, clientID); err != nil {
+	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, clientID); err != nil {
 		return bootstrap.Config{}, err
 	}
 
 	return am.svc.UpdateCert(ctx, session, clientID, clientCert, clientKey, caCert)
 }
 
 func (am *authorizationMiddleware) UpdateConnections(ctx context.Context, session smqauthn.Session, token, id string, connections []string) error {
-	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.EditPermission, policies.ClientType, id); err != nil {
+	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, updatePermission, policies.ClientType, id); err != nil {
 		return err
 	}
 
@@ -80,7 +86,7 @@ func (am *authorizationMiddleware) List(ctx context.Context, session smqauthn.Se
 }
 
 func (am *authorizationMiddleware) Remove(ctx context.Context, session smqauthn.Session, id string) error {
-	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, policies.DeletePermission, policies.ClientType, id); err != nil {
+	if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, deletePermission, policies.ClientType, id); err != nil {
 		return err
 	}
 

diff --git a/cmd/bootstrap/main.go b/cmd/bootstrap/main.go
@@ -65,7 +65,8 @@ type config struct {
 	LogLevel            string  `env:"SMQ_BOOTSTRAP_LOG_LEVEL"        envDefault:"info"`
 	EncKey              string  `env:"SMQ_BOOTSTRAP_ENCRYPT_KEY"      envDefault:"12345678910111213141516171819202"`
 	ESConsumerName      string  `env:"SMQ_BOOTSTRAP_EVENT_CONSUMER"   envDefault:"bootstrap"`
-	ClientsURL          string  `env:"SMQ_CLIENTS_URL"                envDefault:"http://localhost:9000"`
+	ClientsURL          string  `env:"SMQ_CLIENTS_URL"                envDefault:"http://localhost:9006"`
+	ChannelsURL         string  `env:"SMQ_CHANNELS_URL"               envDefault:"http://localhost:9005"`
 	JaegerURL           url.URL `env:"SMQ_JAEGER_URL"                 envDefault:"http://localhost:4318/v1/traces"`
 	SendTelemetry       bool    `env:"SMQ_SEND_TELEMETRY"             envDefault:"true"`
 	InstanceID          string  `env:"SMQ_BOOTSTRAP_INSTANCE_ID"      envDefault:""`
@@ -221,7 +222,8 @@ func newService(ctx context.Context, authz smqauthz.Authorization, policySvc pol
 	repoConfig := bootstrappg.NewConfigRepository(database, logger)
 
 	config := mgsdk.Config{
-		ClientsURL: cfg.ClientsURL,
+		ClientsURL:  cfg.ClientsURL,
+		ChannelsURL: cfg.ChannelsURL,
 	}
 
 	sdk := mgsdk.NewSDK(config)

diff --git a/docker/.env b/docker/.env
@@ -406,8 +406,8 @@ SMQ_BOOTSTRAP_HTTP_SERVER_CERT=
 SMQ_BOOTSTRAP_HTTP_SERVER_KEY=
 SMQ_BOOTSTRAP_DB_HOST=bootstrap-db
 SMQ_BOOTSTRAP_DB_PORT=5432
-SMQ_BOOTSTRAP_DB_USER=supermq
-SMQ_BOOTSTRAP_DB_PASS=supermq
+SMQ_BOOTSTRAP_DB_USER=magistrala
+SMQ_BOOTSTRAP_DB_PASS=magistrala
 SMQ_BOOTSTRAP_DB_NAME=bootstrap
 SMQ_BOOTSTRAP_DB_SSL_MODE=disable
 SMQ_BOOTSTRAP_DB_SSL_CERT=

diff --git a/docker/addons/bootstrap/docker-compose.yml b/docker/addons/bootstrap/docker-compose.yml
@@ -18,68 +18,74 @@ services:
     container_name: magistrala-bootstrap-db
     restart: on-failure
     environment:
-      POSTGRES_USER: ${MG_BOOTSTRAP_DB_USER}
-      POSTGRES_PASSWORD: ${MG_BOOTSTRAP_DB_PASS}
-      POSTGRES_DB: ${MG_BOOTSTRAP_DB_NAME}
+      POSTGRES_USER: ${SMQ_BOOTSTRAP_DB_USER}
+      POSTGRES_PASSWORD: ${SMQ_BOOTSTRAP_DB_PASS}
+      POSTGRES_DB: ${SMQ_BOOTSTRAP_DB_NAME}
     networks:
       - magistrala-base-net
     volumes:
       - magistrala-bootstrap-db-volume:/var/lib/postgresql/data
 
   bootstrap:
-    image: magistrala/bootstrap:${MG_RELEASE_TAG}
+    image: ghcr.io/absmach/magistrala/bootstrap:${SMQ_RELEASE_TAG}
     container_name: magistrala-bootstrap
     depends_on:
       - bootstrap-db
     restart: on-failure
     ports:
-      - ${MG_BOOTSTRAP_HTTP_PORT}:${MG_BOOTSTRAP_HTTP_PORT}
+      - ${SMQ_BOOTSTRAP_HTTP_PORT}:${SMQ_BOOTSTRAP_HTTP_PORT}
     environment:
-      MG_BOOTSTRAP_LOG_LEVEL: ${MG_BOOTSTRAP_LOG_LEVEL}
-      MG_BOOTSTRAP_ENCRYPT_KEY: ${MG_BOOTSTRAP_ENCRYPT_KEY}
-      MG_BOOTSTRAP_EVENT_CONSUMER: ${MG_BOOTSTRAP_EVENT_CONSUMER}
-      MG_ES_URL: ${MG_ES_URL}
-      MG_BOOTSTRAP_HTTP_HOST: ${MG_BOOTSTRAP_HTTP_HOST}
-      MG_BOOTSTRAP_HTTP_PORT: ${MG_BOOTSTRAP_HTTP_PORT}
-      MG_BOOTSTRAP_HTTP_SERVER_CERT: ${MG_BOOTSTRAP_HTTP_SERVER_CERT}
-      MG_BOOTSTRAP_HTTP_SERVER_KEY: ${MG_BOOTSTRAP_HTTP_SERVER_KEY}
-      MG_BOOTSTRAP_DB_HOST: ${MG_BOOTSTRAP_DB_HOST}
-      MG_BOOTSTRAP_DB_PORT: ${MG_BOOTSTRAP_DB_PORT}
-      MG_BOOTSTRAP_DB_USER: ${MG_BOOTSTRAP_DB_USER}
-      MG_BOOTSTRAP_DB_PASS: ${MG_BOOTSTRAP_DB_PASS}
-      MG_BOOTSTRAP_DB_NAME: ${MG_BOOTSTRAP_DB_NAME}
-      MG_BOOTSTRAP_DB_SSL_MODE: ${MG_BOOTSTRAP_DB_SSL_MODE}
-      MG_BOOTSTRAP_DB_SSL_CERT: ${MG_BOOTSTRAP_DB_SSL_CERT}
-      MG_BOOTSTRAP_DB_SSL_KEY: ${MG_BOOTSTRAP_DB_SSL_KEY}
-      MG_BOOTSTRAP_DB_SSL_ROOT_CERT: ${MG_BOOTSTRAP_DB_SSL_ROOT_CERT}
-      MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
-      MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
-      MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
-      MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
-      MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
-      MG_THINGS_URL: ${MG_THINGS_URL}
-      MG_JAEGER_URL: ${MG_JAEGER_URL}
-      MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
-      MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
-      MG_BOOTSTRAP_INSTANCE_ID: ${MG_BOOTSTRAP_INSTANCE_ID}
-      MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
-      MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
-      MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
+      SMQ_BOOTSTRAP_LOG_LEVEL: ${SMQ_BOOTSTRAP_LOG_LEVEL}
+      SMQ_BOOTSTRAP_ENCRYPT_KEY: ${SMQ_BOOTSTRAP_ENCRYPT_KEY}
+      SMQ_BOOTSTRAP_EVENT_CONSUMER: ${SMQ_BOOTSTRAP_EVENT_CONSUMER}
+      SMQ_ES_URL: ${SMQ_ES_URL}
+      SMQ_BOOTSTRAP_HTTP_HOST: ${SMQ_BOOTSTRAP_HTTP_HOST}
+      SMQ_BOOTSTRAP_HTTP_PORT: ${SMQ_BOOTSTRAP_HTTP_PORT}
+      SMQ_BOOTSTRAP_HTTP_SERVER_CERT: ${SMQ_BOOTSTRAP_HTTP_SERVER_CERT}
+      SMQ_BOOTSTRAP_HTTP_SERVER_KEY: ${SMQ_BOOTSTRAP_HTTP_SERVER_KEY}
+      SMQ_BOOTSTRAP_DB_HOST: ${SMQ_BOOTSTRAP_DB_HOST}
+      SMQ_BOOTSTRAP_DB_PORT: ${SMQ_BOOTSTRAP_DB_PORT}
+      SMQ_BOOTSTRAP_DB_USER: ${SMQ_BOOTSTRAP_DB_USER}
+      SMQ_BOOTSTRAP_DB_PASS: ${SMQ_BOOTSTRAP_DB_PASS}
+      SMQ_BOOTSTRAP_DB_NAME: ${SMQ_BOOTSTRAP_DB_NAME}
+      SMQ_BOOTSTRAP_DB_SSL_MODE: ${SMQ_BOOTSTRAP_DB_SSL_MODE}
+      SMQ_BOOTSTRAP_DB_SSL_CERT: ${SMQ_BOOTSTRAP_DB_SSL_CERT}
+      SMQ_BOOTSTRAP_DB_SSL_KEY: ${SMQ_BOOTSTRAP_DB_SSL_KEY}
+      SMQ_BOOTSTRAP_DB_SSL_ROOT_CERT: ${SMQ_BOOTSTRAP_DB_SSL_ROOT_CERT}
+      SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
+      SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
+      SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
+      SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
+      SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
+      SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
+      SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
+      SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
+      SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
+      SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
+      SMQ_CLIENTS_URL: ${SMQ_CLIENTS_URL}
+      SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
+      SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
+      SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
+      SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
+      SMQ_BOOTSTRAP_INSTANCE_ID: ${SMQ_BOOTSTRAP_INSTANCE_ID}
+      SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
+      SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
+      SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
     networks:
       - magistrala-base-net
     volumes:
       - type: bind
-        source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
-        target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
+        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${SMQ_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
+        target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
         bind:
           create_host_path: true
       - type: bind
-        source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
-        target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
+        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${SMQ_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
+        target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
         bind:
           create_host_path: true
       - type: bind
-        source: ${MG_ADDONS_CERTS_PATH_PREFIX}${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
-        target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
+        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
+        target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
         bind:
-          create_host_path: true
+          create_host_path: true
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -175,7 +175,7 @@ services:
       - magistrala-base-net
     volumes:
       - magistrala-domains-db-volume:/var/lib/postgresql/data
-  
+
   domains-redis:
     image: redis:7.2.4-alpine
     container_name: magistrala-domains-redis
@@ -366,11 +366,11 @@ services:
       - ./nginx/snippets:/etc/nginx/snippets
       - ./ssl/authorization.js:/etc/nginx/authorization.js
       - type: bind
-        source: ${SMQ_NGINX_SERVER_CERT:-./ssl/certs/supermq-server.crt}
-        target: /etc/ssl/certs/supermq-server.crt
+        source: ${SMQ_NGINX_SERVER_CERT:-./ssl/certs/magistrala-server.crt}
+        target: /etc/ssl/certs/magistrala-server.crt
       - type: bind
-        source: ${SMQ_NGINX_SERVER_KEY:-./ssl/certs/supermq-server.key}
-        target: /etc/ssl/private/supermq-server.key
+        source: ${SMQ_NGINX_SERVER_KEY:-./ssl/certs/magistrala-server.key}
+        target: /etc/ssl/private/magistrala-server.key
       - type: bind
         source: ${SMQ_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt}
         target: /etc/ssl/certs/ca.crt
@@ -750,7 +750,6 @@ services:
         bind:
           create_host_path: true
 
-
   groups-db:
     image: postgres:16.2-alpine
     container_name: magistrala-groups-db
@@ -853,7 +852,6 @@ services:
         bind:
           create_host_path: true
 
-
   jaeger:
     image: jaegertracing/all-in-one:1.60
     container_name: magistrala-jaeger

diff --git a/docker/nginx/entrypoint.sh b/docker/nginx/entrypoint.sh
@@ -2,25 +2,27 @@
 # Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0
 
-if [ -z "$MG_MQTT_CLUSTER" ]
+if [ -z "$SMQ_MQTT_CLUSTER" ]
 then
-      envsubst '${MG_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-single.conf > /etc/nginx/snippets/mqtt-upstream.conf
-      envsubst '${MG_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-single.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf
+      envsubst '${SMQ_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-single.conf > /etc/nginx/snippets/mqtt-upstream.conf
+      envsubst '${SMQ_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-single.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf
 else
-      envsubst '${MG_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-cluster.conf > /etc/nginx/snippets/mqtt-upstream.conf
-      envsubst '${MG_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-cluster.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf
+      envsubst '${SMQ_MQTT_ADAPTER_MQTT_PORT}' < /etc/nginx/snippets/mqtt-upstream-cluster.conf > /etc/nginx/snippets/mqtt-upstream.conf
+      envsubst '${SMQ_MQTT_ADAPTER_WS_PORT}' < /etc/nginx/snippets/mqtt-ws-upstream-cluster.conf > /etc/nginx/snippets/mqtt-ws-upstream.conf
 fi
 
 envsubst '
-    ${MG_NGINX_SERVER_NAME}
-    ${MG_AUTH_HTTP_PORT}
-    ${MG_USERS_HTTP_PORT}
-    ${MG_THINGS_HTTP_PORT}
-    ${MG_THINGS_AUTH_HTTP_PORT}
-    ${MG_HTTP_ADAPTER_PORT}
-    ${MG_NGINX_MQTT_PORT}
-    ${MG_NGINX_MQTTS_PORT}
-    ${MG_INVITATIONS_HTTP_PORT}
-    ${MG_WS_ADAPTER_HTTP_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+    ${SMQ_NGINX_SERVER_NAME}
+    ${SMQ_DOMAINS_HTTP_PORT}
+    ${SMQ_GROUPS_HTTP_PORT}
+    ${SMQ_USERS_HTTP_PORT}
+    ${SMQ_CLIENTS_HTTP_PORT}
+    ${SMQ_CLIENTS_AUTH_HTTP_PORT}
+    ${SMQ_CHANNELS_HTTP_PORT}
+    ${SMQ_HTTP_ADAPTER_PORT}
+    ${SMQ_NGINX_MQTT_PORT}
+    ${SMQ_NGINX_MQTTS_PORT}
+    ${SMQ_INVITATIONS_HTTP_PORT}
+    ${SMQ_WS_ADAPTER_HTTP_PORT}' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
 
-exec nginx -g "daemon off;"
+exec nginx -g "daemon off;"
diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf
@@ -40,7 +40,7 @@ http {
         listen [::]:443 ssl default_server;
         http2 on;
 
-        set $dynamic_server_name "$MG_NGINX_SERVER_NAME";
+        set $dynamic_server_name "$SMQ_NGINX_SERVER_NAME";
 
         if ($dynamic_server_name = '') {
             set $dynamic_server_name "localhost";
@@ -197,10 +197,10 @@ stream {
     include snippets/mqtt-upstream.conf;
 
     server {
-        listen ${MG_NGINX_MQTT_PORT};
-        listen [::]:${MG_NGINX_MQTT_PORT};
-        listen ${MG_NGINX_MQTTS_PORT} ssl;
-        listen [::]:${MG_NGINX_MQTTS_PORT} ssl;
+        listen ${SMQ_NGINX_MQTT_PORT};
+        listen [::]:${SMQ_NGINX_MQTT_PORT};
+        listen ${SMQ_NGINX_MQTTS_PORT} ssl;
+        listen [::]:${SMQ_NGINX_MQTTS_PORT} ssl;
 
         include snippets/ssl.conf;
 

diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf
@@ -217,10 +217,10 @@ stream {
     include snippets/ssl-client.conf;
 
     server {
-        listen ${MG_NGINX_MQTT_PORT};
-        listen [::]:${MG_NGINX_MQTT_PORT};
-        listen ${MG_NGINX_MQTTS_PORT} ssl;
-        listen [::]:${MG_NGINX_MQTTS_PORT} ssl;
+        listen ${SMQ_NGINX_MQTT_PORT};
+        listen [::]:${SMQ_NGINX_MQTT_PORT};
+        listen ${SMQ_NGINX_MQTTS_PORT} ssl;
+        listen [::]:${SMQ_NGINX_MQTTS_PORT} ssl;
 
         include snippets/ssl.conf;
         js_preread authorization.authenticate;

diff --git a/docker/nginx/snippets/mqtt-upstream-cluster.conf b/docker/nginx/snippets/mqtt-upstream-cluster.conf
@@ -3,7 +3,7 @@
 
 upstream mqtt_cluster {
     least_conn;
-    server mqtt-adapter-1:${MG_MQTT_ADAPTER_MQTT_PORT};
-    server mqtt-adapter-2:${MG_MQTT_ADAPTER_MQTT_PORT};
-    server mqtt-adapter-3:${MG_MQTT_ADAPTER_MQTT_PORT};
+    server mqtt-adapter-1:${SMQ_MQTT_ADAPTER_MQTT_PORT};
+    server mqtt-adapter-2:${SMQ_MQTT_ADAPTER_MQTT_PORT};
+    server mqtt-adapter-3:${SMQ_MQTT_ADAPTER_MQTT_PORT};
 }
diff --git a/docker/nginx/snippets/mqtt-upstream-single.conf b/docker/nginx/snippets/mqtt-upstream-single.conf
@@ -2,5 +2,5 @@
 # SPDX-License-Identifier: Apache-2.0
 
 upstream mqtt_cluster {
-        server mqtt-adapter:${MG_MQTT_ADAPTER_MQTT_PORT};
+        server mqtt-adapter:${SMQ_MQTT_ADAPTER_MQTT_PORT};
 }
diff --git a/docker/nginx/snippets/mqtt-ws-upstream-cluster.conf b/docker/nginx/snippets/mqtt-ws-upstream-cluster.conf
@@ -3,7 +3,7 @@
 
 upstream mqtt_ws_cluster {
     least_conn;
-    server mqtt-adapter-1:${MG_MQTT_ADAPTER_WS_PORT};
-    server mqtt-adapter-2:${MG_MQTT_ADAPTER_WS_PORT};
-    server mqtt-adapter-3:${MG_MQTT_ADAPTER_WS_PORT};
+    server mqtt-adapter-1:${SMQ_MQTT_ADAPTER_WS_PORT};
+    server mqtt-adapter-2:${SMQ_MQTT_ADAPTER_WS_PORT};
+    server mqtt-adapter-3:${SMQ_MQTT_ADAPTER_WS_PORT};
 }
diff --git a/docker/nginx/snippets/mqtt-ws-upstream-single.conf b/docker/nginx/snippets/mqtt-ws-upstream-single.conf
@@ -2,5 +2,5 @@
 # SPDX-License-Identifier: Apache-2.0
 
 upstream mqtt_ws_cluster {
-        server mqtt-adapter:${MG_MQTT_ADAPTER_WS_PORT};
+        server mqtt-adapter:${SMQ_MQTT_ADAPTER_WS_PORT};
 }