From 007e7eb2ff2370c26e7e89bb9dfe5d9d155f7bbc Mon Sep 17 00:00:00 2001
From: Eric FELIXINE <eric@digitribe.fr>
Date: Thu, 7 May 2026 10:35:52 -0400
Subject: [PATCH] =?UTF-8?q?Fix:=20S=C3=A9curisation=20CrateDB-Stellio=20+?=
 =?UTF-8?q?=20healthchecks=20MongoDB/Mosquitto?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Suppression exposition publique ports CrateDB-Stellio (sécurité)
- Ajout service iot-mongodb avec healthcheck fonctionnel (mongo ping)
- Correction healthcheck Mosquitto (port check au lieu de topic)
- Nettoyage container digital-twin-grafana en conflit
---
 docker-compose.iot-agent.yml           | 24 +++++++++++++++++++++++-
 docker-compose.mosquitto.yml           |  2 +-
 docker-compose.quantumleap-stellio.yml |  4 +---
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/docker-compose.iot-agent.yml b/docker-compose.iot-agent.yml
index 78b7b73d..ec96cfe6 100644
--- a/docker-compose.iot-agent.yml
+++ b/docker-compose.iot-agent.yml
@@ -58,7 +58,24 @@ services:
       - IOTA_DEFAULT_RESOURCE=/
       - IOTA_DEFAULT_APIKEY=smartcity-mosquitto
 
-  # Instance 3: BunkerM (Stellio NGSI-LD)
+  # MongoDB for IoT Agents
+  iot-mongodb:
+    image: mongo:4.4
+    container_name: smart-city-iot-mongodb
+    restart: unless-stopped
+    networks:
+      - smartcity-shared
+    ports:
+      - "27017:27017"
+    volumes:
+      - iot-mongodb-data:/data/db
+    healthcheck:
+      test: ["CMD", "mongo", "--eval", "db.adminCommand('ping')"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  # Instance3: BunkerM (Stellio NGSI-LD)
   iot-agent-bunkerm:
     image: fiware/iotagent-json:latest
     container_name: smart-city-iot-agent-bunkerm
@@ -89,3 +106,8 @@ networks:
     external: true
   traefik-public:
     external: true
+
+volumes:
+  iot-mongodb-data:
+    external: true
+    name: smart-city-digital-twin-martinique_iot-mongodb-data
diff --git a/docker-compose.mosquitto.yml b/docker-compose.mosquitto.yml
index f92bed93..7c5e9af2 100644
--- a/docker-compose.mosquitto.yml
+++ b/docker-compose.mosquitto.yml
@@ -18,7 +18,7 @@ services:
       - mosquitto-logs:/mosquitto/log
     command: mosquitto -c /mosquitto/config/mosquitto.conf
     healthcheck:
-      test: ["CMD", "mosquitto_sub", "-h", "localhost", "-p", "1883", "-t", "test", "-W", "1"]
+      test: ["CMD-SHELL", "bash -c 'cat < /dev/tcp/localhost/1883'"]
       interval: 30s
       timeout: 10s
       retries: 3
diff --git a/docker-compose.quantumleap-stellio.yml b/docker-compose.quantumleap-stellio.yml
index 9aa4780e..6ad4a5d7 100644
--- a/docker-compose.quantumleap-stellio.yml
+++ b/docker-compose.quantumleap-stellio.yml
@@ -37,9 +37,7 @@ services:
       smartcity-shared:
         aliases:
           - smart-city-cratedb-stellio
-    ports:
-      - "4201:4200"
-      - "5433:5432"
+    # Ports removed for security - accessed only via Docker network by QuantumLeap
     volumes:
       - smart-city-cratedb-stellio-data:/data
     command: -Ccluster.name=stellio