diff --git a/ccp/modules/exporter-compose.yml b/ccp/modules/exporter-compose.yml index 2b71d69..04ae29d 100644 --- a/ccp/modules/exporter-compose.yml +++ b/ccp/modules/exporter-compose.yml @@ -15,12 +15,16 @@ services: TEMP_FILES_LIFETIME_IN_DAYS: "1" CLEAN_WRITE_FILES_CRON_EXPRESSION: "0 0 2 * * *" WRITE_FILES_LIFETIME_IN_DAYS: "30" + HTTP_RELATIVE_PATH: "/ccp-exporter" labels: - "traefik.enable=true" - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)" - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092" - "traefik.http.routers.exporter_ccp.tls=true" - - "traefik.http.routers.exporter_ccp.middlewares=auth" + # TODO: Add basic auth in Teiler UI to access exporter? + #- "traefik.http.routers.exporter_ccp.middlewares=auth" + - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter" + - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip" volumes: - "bridgehead-exporter:/app/exporter-files" diff --git a/ccp/modules/login-compose.yml b/ccp/modules/login-compose.yml new file mode 100644 index 0000000..1832bc4 --- /dev/null +++ b/ccp/modules/login-compose.yml @@ -0,0 +1,38 @@ +version: "3.7" + +services: + ############################################ Keycloak + login-db: + image: postgres:15.1-alpine + container_name: bridgehead-login-db + environment: + POSTGRES_USER: "keycloak" + POSTGRES_PASSWORD: "${KEYCLOAK_DB_PASSWORD}" # Set in teiler-setup.sh + POSTGRES_DB: "keycloak" + volumes: + - "bridgehead-login-db:/var/lib/postgresql/data" + + login: + image: docker.verbis.dkfz.de/ccp/dktk-keycloak:latest + container_name: bridgehead-login + environment: + KEYCLOAK_ADMIN: "admin" + KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}" + KC_DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD}" # Set in teiler-setup.sh + KC_HOSTNAME_URL: "https://${HOST}/login" + KC_HOSTNAME_STRICT: "false" + KC_PROXY_ADDRESS_FORWARDING: "true" + TEILER_ROOT_CONFIG_EXTERN_URL: "https://${HOST}/ccp-teiler" + command: + - start-dev --import-realm --proxy edge --http-relative-path=/login + labels: + - "traefik.enable=true" + - "traefik.http.routers.login.rule=PathPrefix(`/login`)" + - "traefik.http.services.login.loadbalancer.server.port=8080" + - "traefik.http.routers.login.tls=true" + depends_on: + - login-db + +volumes: + bridgehead-login-db: + name: "bridgehead-login-db" diff --git a/ccp/modules/login-setup.sh b/ccp/modules/login-setup.sh new file mode 100644 index 0000000..2432951 --- /dev/null +++ b/ccp/modules/login-setup.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ "$ENABLE_LOGIN" == true ];then + log INFO "Login setup detected -- will start Login services." + OVERRIDE+=" -f ./$PROJECT/modules/login-compose.yml" +fi +KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" diff --git a/ccp/modules/login.md b/ccp/modules/login.md new file mode 100644 index 0000000..e69de29 diff --git a/ccp/modules/teiler-ui-compose.yml b/ccp/modules/teiler-ui-compose.yml index c1bf18d..5e280a9 100644 --- a/ccp/modules/teiler-ui-compose.yml +++ b/ccp/modules/teiler-ui-compose.yml @@ -1,42 +1,9 @@ version: "3.7" services: - ############################################ Keycloak - login-db: - image: "postgres:15.1" - container_name: bridgehead-login-db - environment: - POSTGRES_USER: "keycloak" - POSTGRES_PASSWORD: "${KEYCLOAK_DB_PASSWORD}" # Set in teiler-setup.sh - POSTGRES_DB: "keycloak" - volumes: - - "bridgehead-login-db:/var/lib/postgresql/data" - login: - image: docker.verbis.dkfz.de/ccp/dktk-keycloak:latest - container_name: bridgehead-login - environment: - KEYCLOAK_ADMIN: "admin" - KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}" - KC_DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD}" # Set in teiler-setup.sh - KC_HOSTNAME_URL: "https://${HOST}/login" - KC_HOSTNAME_STRICT: "false" - KC_PROXY_ADDRESS_FORWARDING: "true" - TEILER_ROOT_CONFIG_EXTERN_URL: "https://${HOST}/ccp-teiler" - command: - - start-dev --import-realm --proxy edge --http-relative-path=/login - labels: - - "traefik.enable=true" - - "traefik.http.routers.login.rule=PathPrefix(`/login`)" - - "traefik.http.services.login.loadbalancer.server.port=8080" - - "traefik.http.routers.login.tls=true" - depends_on: - - login-db - - ############################################ Teiler-UI teiler-root-config: - #image: samply/teiler-root-config:developer - image: teiler-root-config + image: docker.verbis.dkfz.de/cache/samply/teiler-root-config:develop container_name: bridgehead-teiler-root-config labels: - "traefik.enable=true" @@ -49,10 +16,10 @@ services: TEILER_CORE_URL: "https://${HOST}/ccp-teiler-core" TEILER_UI_URL: "https://${HOST}/ccp-teiler-ui" DEFAULT_LANGUAGE: "de" + HTTP_RELATIVE_PATH: "/ccp-teiler" teiler-ui: - #image: samply/teiler-ui:developer - image: teiler-ui + image: docker.verbis.dkfz.de/cache/samply/teiler-ui:develop container_name: bridgehead-teiler-ui labels: - "traefik.enable=true" @@ -73,10 +40,11 @@ services: TEILER_PROJECT: "${PROJECT}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}" TEILER_ROOT_CONFIG_URL: "https://${HOST}/ccp-teiler" - HTTP_RELATIVE_PATH: "/ccp-teiler" + TEILER_UI_HTTP_RELATIVE_PATH: "/ccp-teiler-ui" + TEILER_ROOT_CONFIG_HTTP_RELATIVE_PATH: "/ccp-teiler" teiler-core: - image: samply/teiler-core:developer + image: docker.verbis.dkfz.de/ccp/dktk-teiler-core:latest container_name: bridgehead-teiler-core volumes: - "/etc/bridgehead/ccp.conf:/app/ccp.conf:ro" @@ -94,183 +62,9 @@ services: DEFAULT_LANGUAGE: "DE" CONFIG_ENV_VAR_PATH: "/app/ccp.conf" TEILER_CONFIG_UPDATER_CRON: "0 1 * * * *" + TEILER_ROOT_CONFIG_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ROOT_CONFIG_URL: "https://${HOST}/ccp-teiler" TEILER_UI_DE_URL: "https://${HOST}/ccp-teiler-ui/de" TEILER_UI_EN_URL: "https://${HOST}/ccp-teiler-ui/en" - TEILER_APP1_NAME: "config" - # TEILER_APP2_NAME: "quality-report" - TEILER_APP4_NAME: "keycloak" - TEILER_APP4_TITLE: "Keycloak" - TEILER_APP4_EN_DESCRIPTION: "Authentication site" - TEILER_APP4_DE_DESCRIPTION: "Authentifizierungsseite" - TEILER_APP4_SOURCEURL: "https://${HOST}/login/" - TEILER_APP4_ROLES: "TEILER_ADMIN" - TEILER_APP4_ISACTIVATED: "true" - TEILER_APP4_ICONSOURCEURL: "https://upload.wikimedia.org/wikipedia/commons/2/29/Keycloak_Logo.png" - TEILER_APP4_ORDER: "5" - TEILER_APP4_ISEXTERNALLINK: "true" - TEILER_APP4_ISLOCAL: "true" - # TEILER_APP5_NAME: "pgadmin" - # TEILER_APP5_TITLE: "PgAdmin" - # TEILER_APP5_DESCRIPTION: "Database Management" - # TEILER_APP5_SOURCEURL: "http://localhost:5000" - # TEILER_APP5_ROLES: "TEILER_ADMIN" - # TEILER_APP5_ISACTIVATED: "true" - # TEILER_APP5_ICONSOURCEURL: "https://user-images.githubusercontent.com/24623425/36042969-f87531d4-0d8a-11e8-9dee-e87ab8c6a9e3.png" - # TEILER_APP5_ORDER: "6" - # TEILER_APP5_ISEXTERNALLINK: "true" - # TEILER_APP5_ISLOCAL: "true" - TEILER_APP6_NAME: "ldm" - TEILER_APP6_EN_TITLE: "Local data management" - TEILER_APP6_DE_TITLE: "Lokales Datenmanagement" - TEILER_APP6_EN_DESCRIPTION: "Local Data Management" - TEILER_APP6_DE_DESCRIPTION: "Lokales Datenmanagement" - TEILER_APP6_SOURCEURL: "${CENTRAXX_URL}" - TEILER_APP6_ROLES: "TEILER_PUBLIC" - TEILER_APP6_ISACTIVATED: "${IS_DKTK_SITE}" - TEILER_APP6_ICONCLASS: "bi bi-server" - TEILER_APP6_ORDER: "7" - TEILER_APP6_ISEXTERNALLINK: "true" - TEILER_APP6_ISLOCAL: "true" - TEILER_APP7_NAME: "id-manager" - TEILER_APP7_TITLE: "ID-Manager" - TEILER_APP7_DESCRIPTION: "ID Manager" - TEILER_APP7_SOURCEURL: "https://${HOST}/id-manager/index.html" - TEILER_APP7_ROLES: "TEILER_PUBLIC" - TEILER_APP7_ISACTIVATED: "true" - TEILER_APP7_ICONCLASS: "bi bi-person-bounding-box" - TEILER_APP7_ORDER: "8" - TEILER_APP7_ISEXTERNALLINK: "true" - TEILER_APP7_ISLOCAL: "true" - TEILER_APP8_NAME: "patient-list" - TEILER_APP8_EN_TITLE: "Patient List" - TEILER_APP8_DE_TITLE: "Patientenliste" - TEILER_APP8_EN_DESCRIPTION: "Patient List" - TEILER_APP8_DE_DESCRIPTION: "Patientenliste" - TEILER_APP8_SOURCEURL: "https://${HOST}/patientlist" - TEILER_APP8_ROLES: "TEILER_PUBLIC" - TEILER_APP8_ISACTIVATED: "true" - TEILER_APP8_ICONCLASS: "bi bi-person-rolodex" - TEILER_APP8_ORDER: "9" - TEILER_APP8_ISEXTERNALLINK: "true" - TEILER_APP8_ISLOCAL: "true" - TEILER_APP9_NAME: "project-pseudonymisation" - TEILER_APP9_EN_TITLE: "Project Pseudonymisation" - TEILER_APP9_DE_TITLE: "Projectpseudonymisierung" - TEILER_APP9_EN_DESCRIPTION: "Project Pseudonymisation" - TEILER_APP9_DE_DESCRIPTION: "Projectpseudonymisierung" - TEILER_APP9_SOURCEURL: "https://${HOST}/id-manager/html/projectSelection.html" - TEILER_APP9_ROLES: "TEILER_PUBLIC" - TEILER_APP9_ISACTIVATED: "true" - TEILER_APP9_ICONCLASS: "bi bi-person-lines-fill" - TEILER_APP9_ORDER: "10" - TEILER_APP9_ISEXTERNALLINK: "true" - TEILER_APP9_ISLOCAL: "true" - TEILER_APP10_NAME: "federated-search" - TEILER_APP10_TITLE: "Lens" - TEILER_APP10_EN_DESCRIPTION: "Federated Search" - TEILER_APP10_DE_DESCRIPTION: "Föderierte Suche" - TEILER_APP10_SOURCEURL: "https://demo.lens.samply.de/" - TEILER_APP10_ROLES: "TEILER_PUBLIC" - TEILER_APP10_ISACTIVATED: "true" - TEILER_APP10_ICONCLASS: "bi bi-search" - TEILER_APP10_ORDER: "13" - TEILER_APP10_ISEXTERNALLINK: "true" - TEILER_APP10_ISLOCAL: "false" - TEILER_APP11_NAME: "central-patient-list" - TEILER_APP11_EN_TITLE: "Central Patient List" - TEILER_APP11_DE_TITLE: "Zentrale Patientenliste" - TEILER_APP11_EN_DESCRIPTION: "Central Patient List" - TEILER_APP11_DE_DESCRIPTION: "Zentrale Patientenliste" - TEILER_APP11_SOURCEURL: "https://patientlist.ccp-it.dktk.dkfz.de/" - TEILER_APP11_ROLES: "TEILER_PUBLIC" - TEILER_APP11_ISACTIVATED: "true" - TEILER_APP11_ICONCLASS: "bi bi-person-rolodex" - TEILER_APP11_ORDER: "14" - TEILER_APP11_ISEXTERNALLINK: "true" - TEILER_APP11_ISLOCAL: "false" - TEILER_APP12_NAME: "central id-manager" - TEILER_APP12_EN_TITLE: "Central ID-Manager" - TEILER_APP12_DE_TITLE: "Zentraler ID-Manager" - TEILER_APP12_EN_DESCRIPTION: "Central ID Manager" - TEILER_APP12_DE_DESCRIPTION: "Zentraler ID-Manager" - TEILER_APP12_SOURCEURL: "https://dktk-kne.kgu.de/" - TEILER_APP12_ROLES: "TEILER_PUBLIC" - TEILER_APP12_ISACTIVATED: "true" - TEILER_APP12_ICONCLASS: "bi bi-person-bounding-box" - TEILER_APP12_ORDER: "15" - TEILER_APP12_ISEXTERNALLINK: "true" - TEILER_APP12_ISLOCAL: "false" - # TODO: Icinga to be replaced by Zabbix - TEILER_APP13_NAME: "monitoring" - TEILER_APP13_TITLE: "Icinga" - TEILER_APP13_DESCRIPTION: "Icinga Monitoring" - TEILER_APP13_SOURCEURL: "https://monitor.vmitro.de/icingaweb2/dashboard" - TEILER_APP13_ROLES: "TEILER_ADMIN" - TEILER_APP13_ISACTIVATED: "true" - TEILER_APP13_ICONSOURCEURL: "https://images.ctfassets.net/o7xu9whrs0u9/QmL67mCGdRQ8PBcuKHGnF/858c0aee95762f59d67b25073f9483c2/icinga-logo.png" - TEILER_APP13_ORDER: "16" - TEILER_APP13_ISEXTERNALLINK: "true" - TEILER_APP13_ISLOCAL: "false" - # TEILER_APP14_NAME: "function-tests" - # TEILER_APP15_NAME: "event-log" - TEILER_APP16_NAME: "active-inquiries" - TEILER_APP16_BACKENDURL: "https://${HOST}/ccp-exporter" - TEILER_APP17_NAME: "archived-inquiries" - TEILER_APP17_BACKENDURL: "https://${HOST}/ccp-exporter" - TEILER_APP18_NAME: "failed-inquiries" - TEILER_APP18_BACKENDURL: "https://${HOST}/ccp-exporter" - TEILER_APP19_NAME: "inquiry" - TEILER_APP19_INMENU: "false" - # TEILER_APP20_NAME: "cbioportal" - # TEILER_APP20_TITLE: "cBioportal" - # TEILER_APP20_DESCRIPTION: "Interactive exploration of multidimensional cancer genomics data sets" - # TEILER_APP20_SOURCEURL: "http://localhost:8082" - # TEILER_APP20_ROLES: "TEILER_USER" - # TEILER_APP20_ISACTIVATED: "true" - # TEILER_APP20_ICONSOURCEURL: "https://docs.cbioportal.org/images/cbio-logo.png" - # TEILER_APP20_ORDER: "17" - # TEILER_APP20_ISEXTERNALLINK: "true" - # TEILER_APP20_ISLOCAL: "true" - # TEILER_APP21_NAME: "mtba-bp" - # TEILER_APP21_TITLE: "MTBA-BP" - # TEILER_APP21_DESCRIPTION: "MTBA Camunda Business Process" - # TEILER_APP21_SOURCEURL: "http://localhost:8480" - # TEILER_APP21_ROLES: "TEILER_ADMIN" - # TEILER_APP21_ISACTIVATED: "true" - # TEILER_APP21_ICONSOURCEURL: "https://camunda.com/wp-content/uploads/2020/05/logo-camunda-black.svg" - # TEILER_APP21_ORDER: "18" - # TEILER_APP21_ISEXTERNALLINK: "true" - # TEILER_APP21_ISLOCAL: "true" - TEILER_APP22_NAME: "dialog-quali" - TEILER_APP22_INMENU: "false" - TEILER_APP23_NAME: "dialog-uploads" - TEILER_APP23_INMENU: "false" - TEILER_APP24_NAME: "inquiry-dialog" - TEILER_APP24_INMENU: "false" - TEILER_APP25_NAME: "dialog-tests" - TEILER_APP25_INMENU: "false" - # TEILER_APP26_NAME: "opal" - # TEILER_APP26_TITLE: "Opal" - # TEILER_APP26_DESCRIPTION: "Opal is OBiBa’s core database application for biobanks." - # TEILER_APP26_SOURCEURL: "http://localhost:8880" - # TEILER_APP26_ROLES: "TEILER_USER" - # TEILER_APP26_ISACTIVATED: "true" - # TEILER_APP26_ICONSOURCEURL: "https://www.obiba.org/assets/themes/bootstrap/img/obiba-logo-small.png" - # TEILER_APP26_ORDER: "19" - # TEILER_APP26_ISEXTERNALLINK: "true" - # TEILER_APP26_ISLOCAL: "true" - # TEILER_APP27_NAME: "rstudio" - # TEILER_APP27_TITLE: "R Studio" - # TEILER_APP27_DESCRIPTION: "RStudio is an integrated development environment (IDE) for R and Python." - # TEILER_APP27_SOURCEURL: "http://localhost:8787" - # TEILER_APP27_ROLES: "TEILER_USER" - # TEILER_APP27_ISACTIVATED: "true" - # TEILER_APP27_ICONSOURCEURL: "https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png" - # TEILER_APP27_ORDER: "20" - # TEILER_APP27_ISEXTERNALLINK: "true" - # TEILER_APP27_ISLOCAL: "true" - -volumes: - bridgehead-login-db: - name: "bridgehead-login-db" + CENTRAX_URL: "${CENTRAXX_URL}" + IS_DKTK_SITE: "${IS_DKTK_SITE}" diff --git a/ccp/modules/teiler-ui-setup.sh b/ccp/modules/teiler-ui-setup.sh index dc755ba..793abdd 100644 --- a/ccp/modules/teiler-ui-setup.sh +++ b/ccp/modules/teiler-ui-setup.sh @@ -4,4 +4,3 @@ if [ "$ENABLE_TEILER" == true ];then log INFO "Teiler-UI setup detected -- will start Teiler-UI services." OVERRIDE+=" -f ./$PROJECT/modules/teiler-ui-compose.yml" fi -KEYCLOAK_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"