bridgehead/ccp/docker-compose.yml


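version: "3.7"

# CCP bridgehead stack: a FHIR store (blaze), the focus query runner, the
# beam-proxy it talks through, and an oauth2-proxy that Traefik can use for
# OIDC forward authentication.
# `forward_proxy` and the `auth` middleware are referenced but not defined in
# this file; presumably they come from another compose file merged with this
# one - confirm.

services:
  blaze:
    # NOTE(review): `latest` is a floating tag. Pin a release tag or digest so
    # that a redeploy cannot silently pull different code.
    image: docker.verbis.dkfz.de/cache/samply/blaze:latest
    container_name: bridgehead-ccp-blaze
    environment:
      BASE_URL: "http://bridgehead-ccp-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx4g"
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
      - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
      - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
      # NOTE(review): this router is guarded by a middleware named `auth`,
      # which is not declared in this file. The `oidcAuth` middleware declared
      # under `traefik` below is not attached to any router here. Confirm which
      # of the two is meant to protect the FHIR endpoint.
      - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
      - "traefik.http.routers.blaze_ccp.tls=true"

  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
      # Same value as APP_focus_KEY on beam-proxy: the secret focus shares with
      # the proxy. It is passed as an environment variable, so anyone who can
      # inspect the container can read it.
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID}
      PROXY_ID: ${PROXY_ID}
      BLAZE_URL: "http://bridgehead-ccp-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      # Quoted so the container receives the literal text rather than a
      # re-serialised YAML float.
      # NOTE(review): presumably the result-obfuscation parameter - confirm,
      # and record who may change it.
      EPSILON: "0.28"
    depends_on:
      - "beam-proxy"
      - "blaze"

  beam-proxy:
    # NOTE(review): `develop` is a moving branch tag. Pin a release tag or
    # digest for a component that holds the site's private key.
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
      PROXY_ID: ${PROXY_ID}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      # The private key is delivered as a Docker secret (see `secrets:` at the
      # bottom of the file), not as an environment variable.
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      # Trust anchors are mounted read-only, so the container cannot alter them.
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro

  # Labels only, no image: this entry adds the forward-auth middleware
  # definition to a `traefik` service presumably declared elsewhere - confirm.
  traefik:
    labels:
      - "traefik.http.middlewares.oidcAuth.forwardAuth.address=http://oauth2_proxy:4180/"
      # NOTE(review): trustForwardHeader=true makes Traefik accept X-Forwarded-*
      # headers already present on the request. Keep it only if clients cannot
      # reach Traefik without a trusted hop that overwrites those headers.
      - "traefik.http.middlewares.oidcAuth.forwardAuth.trustForwardHeader=true"
      # These headers are copied from the auth response onto the request sent
      # to the backend.
      # NOTE(review): oauth2_proxy runs with --pass-access-token=false, so
      # X-Auth-Request-Access-Token is probably never set - confirm.
      - "traefik.http.middlewares.oidcAuth.forwardAuth.authResponseHeaders=X-Auth-Request-Access-Token,Authorization"

  oauth2_proxy:
    # NOTE(review): no tag is given, so the registry's default tag is pulled.
    # Pin a release tag or digest.
    image: quay.io/oauth2-proxy/oauth2-proxy
    container_name: bridgehead_oauth2_proxy
    # The folded scalar below is one string, which Compose splits into
    # arguments. A line starting with '#' inside it is scalar content, not a
    # YAML comment, so the two section notes that used to sit between the
    # flags are kept here instead:
    #   - OIDC settings: --provider through --skip-provider-button
    #   - X-Forwarded-Header settings (--pass-*): true/false depending on
    #     your needs
    # Access control: --email-domain="*" accepts any e-mail address, so
    # membership in --allowed-group is the only authorization check.
    # NOTE(review): --cookie-secret and --client-secret are passed as
    # arguments and are visible wherever the container's command line is
    # (process list, `docker inspect`). Consider supplying them through a
    # mounted secret file or environment variables instead.
    command: >-
      --allowed-group=/${KEYCLOAK_USER_GROUP}
      --oidc-groups-claim=${KEYCLOAK_GROUP_CLAIM}
      --auth-logging=true
      --whitelist-domain=${HOST}
      --http-address="0.0.0.0:4180"
      --reverse-proxy=true
      --upstream="static://202"
      --email-domain="*"
      --cookie-name="_BRIDGEHEAD_oauth2"
      --cookie-secret="${OAUTH2_PROXY_SECRET}"
      --cookie-expire="12h"
      --cookie-secure="true"
      --cookie-httponly="true"
      --provider="keycloak-oidc"
      --provider-display-name="VerbIS Login"
      --client-id="${KEYCLOAK_PRIVATE_CLIENT_ID}"
      --client-secret="${OIDC_CLIENT_SECRET}"
      --redirect-url="https://${HOST}/oauth2/callback"
      --oidc-issuer-url="${KEYCLOAK_ISSUER_URL}"
      --scope="openid email profile"
      --code-challenge-method="S256"
      --skip-provider-button=true
      --pass-basic-auth=true
      --pass-user-headers=false
      --pass-access-token=false
    labels:
      - "traefik.enable=true"
      # The second prefix (/oauth2/callback) is already covered by /oauth2.
      - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`, `/oauth2/callback`)"
      - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
      - "traefik.http.routers.oauth2_proxy.tls=true"

volumes:
  blaze-data:

secrets:
  proxy.pem:
    # Host path of the site's private key, mounted into beam-proxy at
    # /run/secrets/proxy.pem.
    # NOTE(review): confirm the host file is readable only by the account that
    # runs the stack.
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem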