A security-focused API Gateway with a lightweight approach, built with Quarkus.
<dependency>
<groupId>de.cuioss.sheriff.api</groupId>
<artifactId>api-sheriff</artifactId>
</dependency>The deployable Quarkus application module — core library, CDI producers, REST endpoints, and native executable target.
Integration test coordinator — Docker infrastructure, native container builds, and IT suites with HTTPS support.
Build the native executable and production Docker image:
# Build native executable
./mvnw clean install -Pnative -pl api-sheriff -am -DskipTests
# Build production Docker image
docker build -f api-sheriff/src/main/docker/Dockerfile.native -t api-sheriff:latest api-sheriff/Run with TLS certificates mounted at runtime:
docker run -p 8443:8443 -p 127.0.0.1:9000:9000 \
-v /path/to/certs:/certs:ro \
-e QUARKUS_HTTP_SSL_CERTIFICATE_FILES=/certs/server.crt \
-e QUARKUS_HTTP_SSL_CERTIFICATE_KEY_FILES=/certs/server.key \
api-sheriff:latest-
Port
8443(HTTPS) — application endpoints (/api/health,/api/info) -
Port
9000(plain HTTP) — management endpoints (/q/health,/q/metrics); bound to127.0.0.1(loopback only) so the unauthenticated management interface is not exposed on all host interfaces, matching the security posture documented indoc/architecture.adoc