samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-06-17 08:20:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add oauth2_proxy

Browse Source
This commit is contained in:
juarez
2023-11-29 09:29:18 +01:00
parent f6965859fe
commit 0cd4ededc7
5 changed files with 50 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ccp/modules/datashield-compose.yml
View File

@ -8,15 +8,15 @@ services:
#DEFAULT_USER: "rstudio" # This line is kept for informational purposes
PASSWORD: "${RSTUDIO_ADMIN_PASSWORD}" # It is required, even if the authentication is disabled
DISABLE_AUTH: "true" # https://rocker-project.org/images/versioned/rstudio.html#how-to-use
# TODO: Connect R-Studio with central Keycloak. Currently using Traefik authentication.
HTTP_RELATIVE_PATH: "/rstudio"
ALL_PROXY: "http://forward_proxy:3128" # https://rocker-project.org/use/networking.html
labels:
- "traefik.enable=true"
- "traefik.http.routers.rstudio_ccp.rule=PathPrefix(`/rstudio`)"
- "traefik.http.services.rstudio_ccp.loadbalancer.server.port=8787"
- "traefik.http.routers.rstudio_ccp.tls=true"
- "traefik.http.middlewares.rstudio_ccp_strip.stripprefix.prefixes=/rstudio"
- "traefik.http.routers.rstudio_ccp.tls=true"
- "traefik.http.routers.rstudio_ccp.middlewares=oidcAuth,rstudio_ccp_strip"
opal:
container_name: bridgehead-opal

1
ccp/modules/datashield-setup.sh
View File

@ -9,6 +9,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
OAUTH2_PROXY_SECRET="$(echo \"This is a salt string to generate one consistent encryption key for the oauth2_proxy. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 32)"
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
mkdir -p /tmp/bridgehead/
chown -R bridgehead:docker /tmp/bridgehead/

2
ccp/modules/teiler-compose.yml
View File

@ -34,7 +34,7 @@ services:
KEYCLOAK_URL: "${KEYCLOAK_URL}"
KEYCLOAK_REALM: "${KEYCLOAK_REALM}"
KEYCLOAK_CLIENT_ID: "${KEYCLOAK_PUBLIC_CLIENT_ID}"
KEYCLOAK_TOKEN_GROUP: "${KEYCLOAK_TOKEN_GROUP}"
KEYCLOAK_TOKEN_GROUP: "${KEYCLOAK_GROUP_CLAIM}"
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"