From 28a93b191c10906732aa19216f01723e83757ff6 Mon Sep 17 00:00:00 2001
From: tm16-medma <142219207+tm16-medma@users.noreply.github.com>
Date: Mon, 2 Mar 2026 09:14:05 +0100
Subject: [PATCH] Refactor ovis-compose.yml for latest OVis version
---
ccp/modules/ovis-compose.yml | 81 +++++++++++++-----------------------
1 file changed, 28 insertions(+), 53 deletions(-)
diff --git a/ccp/modules/ovis-compose.yml b/ccp/modules/ovis-compose.yml
index 4dfc5bbc..da11d553 100644
--- a/ccp/modules/ovis-compose.yml
+++ b/ccp/modules/ovis-compose.yml
@@ -1,71 +1,37 @@ -version: '3.7' +version: "3.7" services: - - ovis-traefik-forward-auth: - image: quay.io/oauth2-proxy/oauth2-proxy:latest - environment: - - http_proxy=${http_proxy:-http://forward_proxy:3128} - - https_proxy=${https_proxy:-http://forward_proxy:3128} - - OAUTH2_PROXY_PROVIDER=oidc - - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true - - OAUTH2_PROXY_OIDC_ISSUER_URL=${OAUTH_ISSUER_URL} - - OAUTH2_PROXY_CLIENT_ID=${OAUTH_CLIENT_ID} - - OAUTH2_PROXY_CLIENT_SECRET=${OAUTH_CLIENT_SECRET} - - OAUTH2_PROXY_COOKIE_SECRET=${AUTHENTICATION_SECRET} - - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST:-localhost} - - OAUTH2_PROXY_COOKIE_REFRESH=4m - - OAUTH2_PROXY_COOKIE_EXPIRE=24h - - OAUTH2_PROXY_HTTP_ADDRESS=:4180 - - OAUTH2_PROXY_REVERSE_PROXY=true - - OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST:-localhost} - - OAUTH2_PROXY_UPSTREAMS=static://202 - - OAUTH2_PROXY_EMAIL_DOMAINS=* - #- OAUTH2_PROXY_ALLOWED_GROUPS=app-ovis - #- OAUTH2_PROXY_ERRORS_TO_INFO_LOG=true - - OAUTH2_PROXY_CODE_CHALLENGE_METHOD=S256 - # For some reason, login.verbis.dkfz.de does not have a "groups" scope but this comes automatically through a - # scope called microprofile-jwt. Remove the following line once we have a "groups" scope. 
- - OAUTH2_PROXY_SCOPE=openid profile email - # Pass Authorization Header and some user information to spot - - OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true - - OAUTH2_PROXY_SET_XAUTHREQUEST=true - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.ovis-traefik-forward-auth.forwardauth.address=http://ovis-traefik-forward-auth:4180" - - "traefik.http.middlewares.ovis-traefik-forward-auth.forwardauth.authResponseHeaders=Authorization, X-Forwarded-User, X-Auth-Request-User, X-Auth-Request-Email" - - "traefik.http.services.ovis-traefik-forward-auth.loadbalancer.server.port=4180" - - "traefik.http.routers.oauth2.rule=Host(`${HOST:-localhost}`) && PathPrefix(`/oauth2-ovis/`)" - - "traefik.http.routers.oauth2.tls=true" - fhir-transformer: image: docker.verbis.dkfz.de/ovis/adt-mon-gql-fhir-transformer:latest + container_name: bridgehead-ccp-ovis-fhir-transformer restart: on-failure environment: - - FHIR_SERVER_URL=${FHIR_SERVER_URL:-http://bridgehead-ccp-blaze:8080/fhir} - - FHIR_USERNAME=${FHIR_USERNAME} - - FHIR_PASSWORD=${FHIR_PASSWORD} + FHIR_SERVER_URL: ${FHIR_SERVER_URL:-http://bridgehead-ccp-blaze:8080/fhir} + FHIR_USERNAME: ${FHIR_USERNAME} + FHIR_PASSWORD: ${FHIR_PASSWORD} volumes: - /var/cache/bridgehead/ccp/ovis/shared_data:/app/output mongo: image: mongo:${MONGO_VER:-latest} + container_name: bridgehead-ccp-ovis-mongo restart: always command: mongod - - /var/cache/bridgehead/ccp/ovis/mongo/init/init.js:/docker-entrypoint-initdb.d/init.js + volumes: + - /var/cache/bridgehead/ccp/ovis/mongo/init/init.js:/docker-entrypoint-initdb.d/init.js:ro backend: image: docker.verbis.dkfz.de/ovis/adt-mon-gql-backend:latest + container_name: bridgehead-ccp-ovis-backend restart: always user: root working_dir: /app environment: - - APOLLO_PORT=${APOLLO_PORT:-4001} - - CREDOS_PORT=${CREDOS_PORT:-4000} - - MONGO_VER=latest - - CORS_ORIGIN=* - - DB=${DB:-onc_test} - - ADRESS=${ADRESS:-mongodb://mongo:27017} + APOLLO_PORT: ${APOLLO_PORT:-4001} + CREDOS_PORT: 
${CREDOS_PORT:-4000} + CORS_ORIGIN: ${OVIS_CORS_ORIGIN:-*} + DB: ${DB:-onc_test} + ADRESS: ${ADRESS:-mongodb://mongo:27017} depends_on: - mongo - fhir-transformer @@ -77,7 +43,6 @@ services: start_period: 10s entrypoint: > sh -c " - # First run the initialization process while [ ! -f /shared/omock.json ]; do echo 'Waiting for omock.json...' sleep 5 
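Review bot: `CORS_ORIGIN: ${OVIS_CORS_ORIGIN:-*}` in the `backend` environment still falls back to a wildcard origin when `OVIS_CORS_ORIGIN` is unset, so the restrictive setting is opt-in rather than the default. Since the frontend reaches this GraphQL backend under `https://${HOST:-localhost}`, defaulting to that origin would be tighter, e.g. `CORS_ORIGIN: ${OVIS_CORS_ORIGIN:-https://${HOST:-localhost}}`. Nested defaults need a Compose version that supports them; otherwise the value can be computed in the calling script. At minimum, a comment above the line such as `# Set OVIS_CORS_ORIGIN to the site origin; the '*' fallback allows any origin` would tell operators what the default means. The `backend` service definition continues beyond this hunk.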
@@ -91,22 +56,32 @@ services: - "traefik.enable=true" - "traefik.http.routers.ovis-backend.rule=Host(`${HOST:-localhost}`) && PathPrefix(`/graphql`)" - "traefik.http.routers.ovis-backend.tls=true" + - "traefik.http.routers.ovis-backend.middlewares=${OVIS_AUTH_MIDDLEWARE:-traefik-forward-auth}" + - "traefik.http.routers.ovis-backend-ccp.rule=PathPrefix(`/ccp-ovis/graphql`)" + - "traefik.http.routers.ovis-backend-ccp.tls=true" + - "traefik.http.middlewares.ovis-backend-ccp-strip.stripprefix.prefixes=/ccp-ovis" + - "traefik.http.routers.ovis-backend-ccp.middlewares=ovis-backend-ccp-strip,${OVIS_AUTH_MIDDLEWARE:-traefik-forward-auth}" - "traefik.http.services.ovis-backend.loadbalancer.server.port=${APOLLO_PORT:-4001}" volumes: - /var/cache/bridgehead/ccp/ovis/shared_data:/shared frontend: image: docker.verbis.dkfz.de/ovis/adt-mon-gql-frontend:latest + container_name: bridgehead-ccp-ovis-frontend restart: always environment: - - PUBLIC_GRAPHQL_URL=https://${HOST:-localhost}/graphql + PUBLIC_GRAPHQL_URL: https://${HOST:-localhost}/ccp-ovis/graphql + PUBLIC_LOGIN_ENABLED: "false" depends_on: backend: condition: service_healthy - working_dir: /app labels: - "traefik.enable=true" - "traefik.http.routers.ovis-frontend.tls=true" - "traefik.http.routers.ovis-frontend.rule=Host(`${HOST:-localhost}`)" - - "traefik.http.routers.ovis-frontend.middlewares=traefik-forward-auth" - - "traefik.http.services.ovis-frontend.loadbalancer.server.port=5173" \ No newline at end of file + - "traefik.http.routers.ovis-frontend.middlewares=${OVIS_AUTH_MIDDLEWARE:-traefik-forward-auth}" + - "traefik.http.routers.ovis-frontend-ccp.rule=PathPrefix(`/ccp-ovis`)" + - "traefik.http.routers.ovis-frontend-ccp.tls=true" + - "traefik.http.middlewares.ovis-frontend-ccp-strip.stripprefix.prefixes=/ccp-ovis" + - "traefik.http.routers.ovis-frontend-ccp.middlewares=ovis-frontend-ccp-strip,${OVIS_AUTH_MIDDLEWARE:-traefik-forward-auth}" + - "traefik.http.services.ovis-frontend.loadbalancer.server.port=5173"
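Review bot: The two new routers, `ovis-backend-ccp` and `ovis-frontend-ccp`, match on `PathPrefix` alone, so unlike the existing `ovis-backend` and `ovis-frontend` rules they answer for any Host header that reaches Traefik; adding the host match keeps them consistent, e.g. ``Host(`${HOST:-localhost}`) && PathPrefix(`/ccp-ovis/graphql`)``. Their middleware lists also put the strip-prefix middleware ahead of `${OVIS_AUTH_MIDDLEWARE:-traefik-forward-auth}`; Traefik applies middlewares in the listed order, so the auth middleware would see the already-stripped path, and listing it first (`${OVIS_AUTH_MIDDLEWARE:-traefik-forward-auth},ovis-backend-ccp-strip`) is presumably what is wanted. With `PUBLIC_LOGIN_ENABLED: "false"` on the frontend, the middleware named by `OVIS_AUTH_MIDDLEWARE` appears to be the only access control visible in this file, so a comment stating that the variable must name an authenticating middleware would help operators who override it.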