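# Compose fragment for the CCP bridgehead: a Blaze FHIR store, the focus
# component, the Beam proxy and an oauth2-proxy instance used by Traefik
# forward-auth. `forward_proxy` and the `auth` middleware are referenced but
# not defined here -- presumably they come from another compose file that is
# merged with this one; confirm before running this file on its own.
version: "3.7"

services:
  blaze:
    # NOTE(review): `latest` is a floating tag, so every pull can bring in a
    # different image. Pin a version or digest that has been validated.
    image: docker.verbis.dkfz.de/cache/samply/blaze:latest
    container_name: bridgehead-ccp-blaze
    environment:
      BASE_URL: "http://bridgehead-ccp-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx4g"
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
      - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
      - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
      # `auth` is the only access control visible on this route and it is not
      # defined in this file. If it is missing at runtime, verify how Traefik
      # treats the router rather than assuming the FHIR API stays protected.
      # The `oidcAuth` middleware declared on the traefik service below is not
      # attached to any router in this file.
      - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
      - "traefik.http.routers.blaze_ccp.tls=true"

  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
      # Same variable as APP_focus_KEY on beam-proxy: the two values must
      # match. Environment values are readable through `docker inspect`.
      API_KEY: "${FOCUS_BEAM_SECRET_SHORT}"
      BEAM_APP_ID_LONG: "focus.${PROXY_ID}"
      PROXY_ID: "${PROXY_ID}"
      BLAZE_URL: "http://bridgehead-ccp-blaze:8080/fhir/"
      BEAM_PROXY_URL: "http://beam-proxy:8081"
      RETRY_COUNT: "${FOCUS_RETRY_COUNT}"
      # Quoted so the value is an explicit string, not a YAML float.
      EPSILON: "0.28"
    depends_on:
      - "beam-proxy"
      - "blaze"

  beam-proxy:
    # NOTE(review): `develop` is a moving development tag; pin a released
    # version or digest for production sites.
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: "${BROKER_URL}"
      PROXY_ID: "${PROXY_ID}"
      APP_focus_KEY: "${FOCUS_BEAM_SECRET_SHORT}"
      # Private key is delivered as a compose secret, not baked into the image.
      PRIVKEY_FILE: "/run/secrets/proxy.pem"
      # Outbound traffic goes through the forward proxy service.
      ALL_PROXY: "http://forward_proxy:3128"
      TLS_CA_CERTIFICATES_DIR: "/conf/trusted-ca-certs"
      ROOTCERT_FILE: "/conf/root.crt.pem"
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      # Trust anchors are mounted read-only so the container cannot alter them.
      - "/etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro"
      - "/srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro"

  traefik:
    labels:
      - "traefik.http.middlewares.oidcAuth.forwardAuth.address=http://oauth2_proxy:4180/"
      # trustForwardHeader=true passes client-supplied X-Forwarded-* headers
      # on to the auth service. That is only safe when a trusted proxy in
      # front of Traefik sets or overwrites them; confirm for this deployment.
      - "traefik.http.middlewares.oidcAuth.forwardAuth.trustForwardHeader=true"
      # These auth-response headers are copied onto the request sent to the
      # backend, so any backend behind oidcAuth can receive the user's token.
      # NOTE(review): oauth2-proxy below runs with --pass-access-token=false;
      # confirm the access-token header is populated and still needed.
      - "traefik.http.middlewares.oidcAuth.forwardAuth.authResponseHeaders=X-Auth-Request-Access-Token,Authorization"

  oauth2_proxy:
    # NOTE(review): no tag given, so this resolves to `latest`. Pin a version
    # or digest; this component decides who is authenticated.
    image: quay.io/oauth2-proxy/oauth2-proxy
    container_name: bridgehead_oauth2_proxy
    # Written as a list instead of a folded (`>-`) string: inside a block
    # scalar a `#` line is not a YAML comment, so the former "#OIDC settings"
    # and "#X-Forwarded-Header ..." lines were folded into the command string.
    # List items are also passed verbatim, so a secret containing spaces or
    # quotes is not re-split.
    # NOTE(review): secrets passed as flags are visible in the container
    # configuration and the process arguments. oauth2-proxy also reads
    # OAUTH2_PROXY_COOKIE_SECRET / OAUTH2_PROXY_CLIENT_SECRET from the
    # environment; consider that or a config file.
    command:
      # If KEYCLOAK_USER_GROUP is unset, compose substitutes an empty string
      # and the allowed group becomes "/"; make sure the variable is set.
      - "--allowed-group=/${KEYCLOAK_USER_GROUP}"
      - "--oidc-groups-claim=${KEYCLOAK_GROUP_CLAIM}"
      - "--auth-logging=true"
      - "--whitelist-domain=${HOST}"
      - "--http-address=0.0.0.0:4180"
      - "--reverse-proxy=true"
      - "--upstream=static://202"
      # Any e-mail domain is accepted; authorization rests on --allowed-group.
      - "--email-domain=*"
      - "--cookie-name=_BRIDGEHEAD_oauth2"
      - "--cookie-secret=${OAUTH2_PROXY_SECRET}"
      - "--cookie-expire=12h"
      - "--cookie-secure=true"
      - "--cookie-httponly=true"
      # OIDC settings
      - "--provider=keycloak-oidc"
      - "--provider-display-name=VerbIS Login"
      - "--client-id=${KEYCLOAK_PRIVATE_CLIENT_ID}"
      - "--client-secret=${OIDC_CLIENT_SECRET}"
      - "--redirect-url=https://${HOST}${OAUTH2_CALLBACK}"
      - "--oidc-issuer-url=${KEYCLOAK_ISSUER_URL}"
      - "--scope=openid email profile"
      # PKCE with SHA-256 for the authorization-code flow.
      - "--code-challenge-method=S256"
      - "--skip-provider-button=true"
      # X-Forwarded-Header settings - true/false depending on your needs
      - "--pass-basic-auth=true"
      - "--pass-user-headers=false"
      - "--pass-access-token=false"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`, `/oauth2/callback`)"
      - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
      - "traefik.http.routers.oauth2_proxy.tls=true"

volumes:
  blaze-data:

secrets:
  proxy.pem:
    # Host-side private key for the Beam proxy; keep it readable only by the
    # account that runs compose.
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem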