Add opal certificate

juarez 2023-05-16 16:40:22 +02:00
parent 5e376b17ad
commit 687dbba383
2 changed files with 15 additions and 1 deletions


@ -24,7 +24,7 @@ services:
############################################ DataSHIELD Server (Opal) ############################################ DataSHIELD Server (Opal)
opal: opal:
container_name: bridgehead-opal container_name: bridgehead-opal
image: obiba/opal:4.5 image: docker.verbis.dkfz.de/ccp/dktk-opal:latest
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.opal_ccp.rule=PathPrefix(`/opal`)" - "traefik.http.routers.opal_ccp.rule=PathPrefix(`/opal`)"
@ -44,6 +44,11 @@ services:
ROCK_HOSTS: "opal-rserver:8085" ROCK_HOSTS: "opal-rserver:8085"
APP_URL: "https://${HOST}/opal" APP_URL: "https://${HOST}/opal"
APP_CONTEXT_PATH: "/opal" APP_CONTEXT_PATH: "/opal"
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
secrets:
- opal-cert.pem
- opal-key.pem
# volumes: # volumes:
# - "bridgehead-opal:/srv" # - "bridgehead-opal:/srv"
@ -93,3 +98,9 @@ services:
# name: "bridgehead-opal-db" # name: "bridgehead-opal-db"
# bridgehead-opal: # bridgehead-opal:
# name: "bridgehead-opal" # name: "bridgehead-opal"
secrets:
opal-cert.pem:
file: /etc/bridgehead/traefik-tls/opal-cert.pem
opal-key.pem:
file: /etc/bridgehead/traefik-tls/opal-key.pem
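Review bot: The new `image:` value for the opal service swaps the pinned `obiba/opal:4.5` for `docker.verbis.dkfz.de/ccp/dktk-opal:latest`, a mutable tag, so the container that now receives `opal-key.pem` can change on any pull without a change in this repository. Pin it to a released version and preferably a digest, e.g. `image: docker.verbis.dkfz.de/ccp/dktk-opal:<VERSION>@sha256:<DIGEST>` (placeholders; the page does not show which tags exist). Separately, both secrets are sourced from `/etc/bridgehead/traefik-tls/`. If Traefik is configured to load certificates from that directory (not visible here), the Opal key pair would be better kept in a directory of its own.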


@ -5,3 +5,6 @@ if [ "$ENABLE_DATASHIELD" == true ];then
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
fi fi
OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
if [ ! -e "/etc/bridgehead/traefik-tls/opal-cert.pem" ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/opal-key.pem -out /etc/bridgehead/traefik-tls/opal-cert.pem -days 3650 -subj "/CN=$HOST"
fi
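Review bot: The added guard tests only for `opal-cert.pem`, so a host where the certificate exists but `opal-key.pem` is missing never regenerates the pair, and the compose secret for the key has no source file. Test both: `if [ ! -e /etc/bridgehead/traefik-tls/opal-cert.pem ] || [ ! -e /etc/bridgehead/traefik-tls/opal-key.pem ]; then`. The key is written unencrypted (`-nodes`), so its file mode is the only protection; wrap the call as `(umask 077; openssl req ...)` instead of relying on the OpenSSL default, and confirm the Opal container user can still read the mounted file. The certificate carries only `CN=$HOST` for 3650 days with no subjectAltName; if any client validates the host name, add `-addext "subjectAltName=DNS:$HOST"` (OpenSSL 1.1.1 or later).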