mirror of https://github.com/samply/bridgehead.git
feat: migrate to new dnpm:dip node (#251)
* feat: migrate to new dnpm:dip node * hardcode dnpm connector type to broker * use `SITE_NAME` for dnpm `LOCAL_SITE` * host central targets in git * dnpm: add goettingen to central targets * dnpm: add uksh to central targets * dnpm: replace named volumes with fs volumes * chore: change dnpm images * chore: pin mysql * dnpm: Secure endpoints for ETL and p2p communications (#254) * fix authup redirect (#262) When an OIDC provider is configured, you'll get redirected to authup by Keycloak which redirects you to the DNPM:DIP. Currently the URL looks like this: https://myserver/authup//someurl and produces an error. Manually removing the additional / fixes the issue. * Whitespace formatting --------- Co-authored-by: Niklas <niklas@ytvwld.de> Co-authored-by: Niklas Reimer <niklas@backbord.net> Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com>
parent
e08ff92401
commit
721627a78f
|
@ -13,7 +13,7 @@ services:
|
|||
PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
|
||||
APP_ID: dnpm-connect.${PROXY_ID}
|
||||
DISCOVERY_URL: "./conf/central_targets.json"
|
||||
LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
|
||||
LOCAL_TARGETS_FILE: "/conf/connect_targets.json"
|
||||
HTTP_PROXY: "http://forward_proxy:3128"
|
||||
HTTPS_PROXY: "http://forward_proxy:3128"
|
||||
NO_PROXY: beam-proxy,dnpm-backend,host.docker.internal${DNPM_ADDITIONAL_NO_PROXY}
|
||||
|
@ -25,7 +25,7 @@ services:
|
|||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
|
||||
- /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
|
||||
- /srv/docker/bridgehead/minimal/modules/dnpm-central-targets.json:/conf/central_targets.json:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
|
||||
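Review bot: `DISCOVERY_URL` is still the relative `./conf/central_targets.json`, while this change appears to make `LOCAL_TARGETS_FILE` absolute and mounts the central list at `/conf/central_targets.json`. If the relative form only resolves because the container's working directory happens to be `/` (not visible here), the two settings should agree: `DISCOVERY_URL: "/conf/central_targets.json"`. The new bind source under `/srv/docker/bridgehead/minimal/modules/` also ties the mount to the checkout location, so a one-line comment such as `# tracked in git, do not edit locally` above it would help operators. The second connector compose file further down the page has the same lines.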
|
|
|
@ -1,34 +1,99 @@
|
|||
version: "3.7"
|
||||
|
||||
services:
|
||||
dnpm-backend:
|
||||
image: ghcr.io/kohlbacherlab/bwhc-backend:1.0-snapshot-broker-connector
|
||||
container_name: bridgehead-dnpm-backend
|
||||
dnpm-mysql:
|
||||
image: mysql:9
|
||||
healthcheck:
|
||||
test: [ "CMD", "mysqladmin" ,"ping", "-h", "localhost" ]
|
||||
interval: 3s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
environment:
|
||||
- ZPM_SITE=${ZPM_SITE}
|
||||
- N_RANDOM_FILES=${DNPM_SYNTH_NUM}
|
||||
MYSQL_ROOT_HOST: "%"
|
||||
MYSQL_ROOT_PASSWORD: ${DNPM_MYSQL_ROOT_PASSWORD}
|
||||
volumes:
|
||||
- /etc/bridgehead/dnpm:/bwhc_config:ro
|
||||
- ${DNPM_DATA_DIR}:/bwhc_data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.bwhc-backend.rule=PathPrefix(`/bwhc`)"
|
||||
- "traefik.http.services.bwhc-backend.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.bwhc-backend.tls=true"
|
||||
- /var/cache/bridgehead/dnpm/mysql:/var/lib/mysql
|
||||
|
||||
dnpm-frontend:
|
||||
image: ghcr.io/kohlbacherlab/bwhc-frontend:2209
|
||||
container_name: bridgehead-dnpm-frontend
|
||||
links:
|
||||
- dnpm-backend
|
||||
dnpm-authup:
|
||||
image: authup/authup:latest
|
||||
container_name: bridgehead-dnpm-authup
|
||||
volumes:
|
||||
- /var/cache/bridgehead/dnpm/authup:/usr/src/app/writable
|
||||
depends_on:
|
||||
dnpm-mysql:
|
||||
condition: service_healthy
|
||||
command: server/core start
|
||||
environment:
|
||||
- NUXT_HOST=0.0.0.0
|
||||
- NUXT_PORT=8080
|
||||
- BACKEND_PROTOCOL=https
|
||||
- BACKEND_HOSTNAME=$HOST
|
||||
- BACKEND_PORT=443
|
||||
- PUBLIC_URL=https://${HOST}/auth/
|
||||
- AUTHORIZE_REDIRECT_URL=https://${HOST}
|
||||
- ROBOT_ADMIN_ENABLED=true
|
||||
- ROBOT_ADMIN_SECRET=${DNPM_AUTHUP_SECRET}
|
||||
- ROBOT_ADMIN_SECRET_RESET=true
|
||||
- DB_TYPE=mysql
|
||||
- DB_HOST=dnpm-mysql
|
||||
- DB_USERNAME=root
|
||||
- DB_PASSWORD=${DNPM_MYSQL_ROOT_PASSWORD}
|
||||
- DB_DATABASE=auth
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.bwhc-frontend.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.services.bwhc-frontend.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.bwhc-frontend.tls=true"
|
||||
- "traefik.http.middlewares.authup-strip.stripprefix.prefixes=/auth"
|
||||
- "traefik.http.routers.dnpm-auth.middlewares=authup-strip"
|
||||
- "traefik.http.routers.dnpm-auth.rule=PathPrefix(`/auth`)"
|
||||
- "traefik.http.services.dnpm-auth.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.dnpm-auth.tls=true"
|
||||
|
||||
dnpm-portal:
|
||||
image: ghcr.io/dnpm-dip/portal:latest
|
||||
container_name: bridgehead-dnpm-portal
|
||||
environment:
|
||||
- NUXT_API_URL=http://dnpm-backend:9000/
|
||||
- NUXT_PUBLIC_API_URL=https://${HOST}/api/
|
||||
- NUXT_AUTHUP_URL=http://dnpm-authup:3000/
|
||||
- NUXT_PUBLIC_AUTHUP_URL=https://${HOST}/auth/
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.dnpm-frontend.tls=true"
|
||||
|
||||
dnpm-backend:
|
||||
container_name: bridgehead-dnpm-backend
|
||||
image: ghcr.io/dnpm-dip/backend:latest
|
||||
environment:
|
||||
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
||||
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||
- MTB_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||
- HATEOAS_HOST=https://${HOST}
|
||||
- CONNECTOR_TYPE=broker
|
||||
- AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
|
||||
volumes:
|
||||
- /etc/bridgehead/dnpm/config:/dnpm_config
|
||||
- /var/cache/bridgehead/dnpm/backend-data:/dnpm_data
|
||||
depends_on:
|
||||
dnpm-authup:
|
||||
condition: service_healthy
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.dnpm-backend.loadbalancer.server.port=9000"
|
||||
# expose everything
|
||||
- "traefik.http.routers.dnpm-backend.rule=PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.dnpm-backend.tls=true"
|
||||
- "traefik.http.routers.dnpm-backend.service=dnpm-backend"
|
||||
# except ETL
|
||||
- "traefik.http.routers.dnpm-backend-etl.rule=PathRegexp(`^/api(/.*)?etl(/.*)?$`)"
|
||||
- "traefik.http.routers.dnpm-backend-etl.tls=true"
|
||||
- "traefik.http.routers.dnpm-backend-etl.service=dnpm-backend"
|
||||
# this needs an ETL processor with support for basic auth
|
||||
- "traefik.http.routers.dnpm-backend-etl.middlewares=auth"
|
||||
# except peer-to-peer
|
||||
- "traefik.http.routers.dnpm-backend-peer.rule=PathRegexp(`^/api(/.*)?/peer2peer(/.*)?$`)"
|
||||
- "traefik.http.routers.dnpm-backend-peer.tls=true"
|
||||
- "traefik.http.routers.dnpm-backend-peer.service=dnpm-backend"
|
||||
- "traefik.http.routers.dnpm-backend-peer.middlewares=dnpm-backend-peer"
|
||||
# this effectively denies all requests
|
||||
# this is okay, because requests from peers don't go through Traefik
|
||||
- "traefik.http.middlewares.dnpm-backend-peer.ipWhiteList.sourceRange=0.0.0.0/32"
|
||||
|
||||
landing:
|
||||
labels:
|
||||
- "traefik.http.routers.landing.rule=PathPrefix(`/landing`)"
|
||||
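Review bot: `dnpm-authup` connects to MySQL as `root` (`DB_USERNAME=root`, `DB_PASSWORD=${DNPM_MYSQL_ROOT_PASSWORD}`) and `MYSQL_ROOT_HOST: "%"` permits root logins from any host that can reach the container, so a compromise of the auth service would give full control of the database server. The official mysql image can create a dedicated database and user on first start; giving authup only that account and restricting root to `localhost` would confine it to the `auth` schema. The sketch below uses a placeholder variable, `DNPM_MYSQL_AUTHUP_PASSWORD`, which the setup script would have to generate. Data directories initialised before such a change keep their old accounts, so it needs a migration note. The same block appears in the second copy of this compose file further down the page.

```yaml
  dnpm-mysql:
    # … unchanged: image, healthcheck …
    environment:
      MYSQL_ROOT_HOST: "localhost"
      MYSQL_ROOT_PASSWORD: ${DNPM_MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: auth
      MYSQL_USER: authup
      # placeholder variable, to be generated by the setup script
      MYSQL_PASSWORD: ${DNPM_MYSQL_AUTHUP_PASSWORD}
  dnpm-authup:
    # … unchanged: image, volumes, depends_on, other environment entries …
    environment:
      - DB_USERNAME=authup
      - DB_PASSWORD=${DNPM_MYSQL_AUTHUP_PASSWORD}
```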
|
|
|
@ -1,28 +1,16 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -n "${ENABLE_DNPM_NODE}" ]; then
|
||||
log INFO "DNPM setup detected (BwHC Node) -- will start BwHC node."
|
||||
log INFO "DNPM setup detected -- will start DNPM:DIP node."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/dnpm-node-compose.yml"
|
||||
|
||||
# Set variables required for BwHC Node. ZPM_SITE is assumed to be set in /etc/bridgehead/<project>.conf
|
||||
DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||
if [ -z "${ZPM_SITE+x}" ]; then
|
||||
log ERROR "Mandatory variable ZPM_SITE not defined!"
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "${DNPM_DATA_DIR+x}" ]; then
|
||||
log ERROR "Mandatory variable DNPM_DATA_DIR not defined!"
|
||||
exit 1
|
||||
fi
|
||||
DNPM_SYNTH_NUM=${DNPM_SYNTH_NUM:-0}
|
||||
if grep -q 'traefik.http.routers.landing.rule=PathPrefix(`/landing`)' /srv/docker/bridgehead/minimal/docker-compose.override.yml 2>/dev/null; then
|
||||
echo "Override of landing page url already in place"
|
||||
else
|
||||
echo "Adding override of landing page url"
|
||||
if [ -f /srv/docker/bridgehead/minimal/docker-compose.override.yml ]; then
|
||||
echo -e ' landing:\n labels:\n - "traefik.http.routers.landing.rule=PathPrefix(`/landing`)"' >> /srv/docker/bridgehead/minimal/docker-compose.override.yml
|
||||
else
|
||||
echo -e 'version: "3.7"\nservices:\n landing:\n labels:\n - "traefik.http.routers.landing.rule=PathPrefix(`/landing`)"' >> /srv/docker/bridgehead/minimal/docker-compose.override.yml
|
||||
fi
|
||||
fi
|
||||
mkdir -p /var/cache/bridgehead/dnpm/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/dnpm/'. Please run sudo './bridgehead install $PROJECT' again to fix the permissions."
|
||||
DNPM_SYNTH_NUM=${DNPM_SYNTH_NUM:--1}
|
||||
DNPM_MYSQL_ROOT_PASSWORD="$(generate_simple_password 'dnpm mysql')"
|
||||
DNPM_AUTHUP_SECRET="$(generate_simple_password 'dnpm authup')"
|
||||
fi
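Review bot: `SITE_NAME` is not validated here, although the compose file on this page now builds `LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}` from it. Only the `ZPM_SITE` check appears to survive, so an unset name would produce a malformed site identifier such as `UKT:` instead of a clear startup error. Unless it is checked elsewhere in bridgehead (not visible here), add `[ -n "${SITE_NAME}" ] || fail_and_report 1 "Mandatory variable SITE_NAME not defined!"` next to the `ZPM_SITE` check. The comment `# Set variables required for BwHC Node. …` also looks stale now that this script starts a DNPM:DIP node.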
|
||||
|
|
|
@ -16,7 +16,7 @@ services:
|
|||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard/`)"
|
||||
- "traefik.http.routers.dashboard.rule=PathPrefix(`/dashboard/`)"
|
||||
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||
- "traefik.http.routers.dashboard.service=api@internal"
|
||||
- "traefik.http.routers.dashboard.tls=true"
|
||||
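Review bot: Removing the `/api` prefix from the dashboard router frees that path for dnpm-backend, but the Traefik dashboard front end loads its data from `/api/...` on `api@internal`. The UI under `/dashboard/` will therefore presumably render empty, and on DNPM sites its requests would be routed to `dnpm-backend` instead. If the dashboard is still wanted, give it a rule that cannot collide, for example a dedicated `Host(...)` matcher combined with both prefixes; if not, removing the router and the `api@internal` exposure is the smaller attack surface. The hunk ends at `tls=true`, so whether an auth middleware is attached to this router cannot be seen from here.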
|
|
|
@ -0,0 +1,142 @@
|
|||
{
|
||||
"sites": [
|
||||
{
|
||||
"id": "UKFR",
|
||||
"name": "Freiburg",
|
||||
"virtualhost": "ukfr.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKHD",
|
||||
"name": "Heidelberg",
|
||||
"virtualhost": "ukhd.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKT",
|
||||
"name": "Tübingen",
|
||||
"virtualhost": "ukt.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKU",
|
||||
"name": "Ulm",
|
||||
"virtualhost": "uku.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UM",
|
||||
"name": "Mainz",
|
||||
"virtualhost": "um.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKMR",
|
||||
"name": "Marburg",
|
||||
"virtualhost": "ukmr.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKE",
|
||||
"name": "Hamburg",
|
||||
"virtualhost": "uke.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKA",
|
||||
"name": "Aachen",
|
||||
"virtualhost": "uka.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "Charite",
|
||||
"name": "Berlin",
|
||||
"virtualhost": "charite.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.berlin-test.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "MRI",
|
||||
"name": "Muenchen-tum",
|
||||
"virtualhost": "mri.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.muenchen-tum.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "KUM",
|
||||
"name": "Muenchen-lmu",
|
||||
"virtualhost": "kum.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.muenchen-lmu.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "MHH",
|
||||
"name": "Hannover",
|
||||
"virtualhost": "mhh.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.hannover.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKDD",
|
||||
"name": "dresden-dnpm",
|
||||
"virtualhost": "ukdd.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dresden-dnpm.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKB",
|
||||
"name": "Bonn",
|
||||
"virtualhost": "ukb.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.bonn-dnpm.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKD",
|
||||
"name": "Duesseldorf",
|
||||
"virtualhost": "ukd.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.duesseldorf-dnpm.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKK",
|
||||
"name": "Koeln",
|
||||
"virtualhost": "ukk.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.dnpm-bridge.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UME",
|
||||
"name": "Essen",
|
||||
"virtualhost": "ume.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.essen.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKM",
|
||||
"name": "Muenster",
|
||||
"virtualhost": "ukm.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.muenster-dnpm.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKF",
|
||||
"name": "Frankfurt",
|
||||
"virtualhost": "ukf.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.frankfurt.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UMG",
|
||||
"name": "Goettingen",
|
||||
"virtualhost": "umg.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.goettingen.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKW",
|
||||
"name": "Würzburg",
|
||||
"virtualhost": "ukw.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.wuerzburg-dnpm.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "UKSH",
|
||||
"name": "Schleswig-Holstein",
|
||||
"virtualhost": "uksh.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.uksh-dnpm.broker.ccp-it.dktk.dkfz.de"
|
||||
},
|
||||
{
|
||||
"id": "TKT",
|
||||
"name": "Test",
|
||||
"virtualhost": "tkt.dnpm.de",
|
||||
"beamconnect": "dnpm-connect.tobias-develop.broker.ccp-it.dktk.dkfz.de"
|
||||
}
|
||||
]
|
||||
}
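Review bot: The final entry (`"id": "TKT"`, `"name": "Test"`) maps `tkt.dnpm.de` to `dnpm-connect.tobias-develop.broker.ccp-it.dktk.dkfz.de`, which reads like a developer's test proxy, yet this list is mounted read-only into every site's connector as the central target table. The `Charite` entry likewise points at a `berlin-test` proxy. If peers resolve virtual hosts through this file, every production site would treat those endpoints as valid targets; confirm that this is intended, or keep test targets in a separate file that production deployments do not mount. JSON has no comments, so who owns this list and how changes to it are reviewed is best documented in the module's README.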
|
|
@ -29,7 +29,7 @@ services:
|
|||
PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
|
||||
APP_ID: dnpm-connect.${DNPM_PROXY_ID}
|
||||
DISCOVERY_URL: "./conf/central_targets.json"
|
||||
LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
|
||||
LOCAL_TARGETS_FILE: "/conf/connect_targets.json"
|
||||
HTTP_PROXY: http://forward_proxy:3128
|
||||
HTTPS_PROXY: http://forward_proxy:3128
|
||||
NO_PROXY: dnpm-beam-proxy,dnpm-backend, host.docker.internal${DNPM_ADDITIONAL_NO_PROXY}
|
||||
|
@ -41,7 +41,7 @@ services:
|
|||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
|
||||
- /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
|
||||
- /srv/docker/bridgehead/minimal/modules/dnpm-central-targets.json:/conf/central_targets.json:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
|
||||
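Review bot: The `NO_PROXY` value in this hunk's context has a space after the comma (`dnpm-backend, host.docker.internal…`), unlike the other connector compose file on this page. Some HTTP clients do not trim list entries, so `host.docker.internal` may fail to match and that traffic would be sent through `forward_proxy` instead of staying local; whether this client trims is not visible here. Suggest `NO_PROXY: "dnpm-beam-proxy,dnpm-backend,host.docker.internal${DNPM_ADDITIONAL_NO_PROXY}"`.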
|
|
|
@ -1,34 +1,99 @@
|
|||
version: "3.7"
|
||||
|
||||
services:
|
||||
dnpm-backend:
|
||||
image: ghcr.io/kohlbacherlab/bwhc-backend:1.0-snapshot-broker-connector
|
||||
container_name: bridgehead-dnpm-backend
|
||||
dnpm-mysql:
|
||||
image: mysql:9
|
||||
healthcheck:
|
||||
test: [ "CMD", "mysqladmin" ,"ping", "-h", "localhost" ]
|
||||
interval: 3s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
environment:
|
||||
- ZPM_SITE=${ZPM_SITE}
|
||||
- N_RANDOM_FILES=${DNPM_SYNTH_NUM}
|
||||
MYSQL_ROOT_HOST: "%"
|
||||
MYSQL_ROOT_PASSWORD: ${DNPM_MYSQL_ROOT_PASSWORD}
|
||||
volumes:
|
||||
- /etc/bridgehead/dnpm:/bwhc_config:ro
|
||||
- ${DNPM_DATA_DIR}:/bwhc_data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.bwhc-backend.rule=PathPrefix(`/bwhc`)"
|
||||
- "traefik.http.services.bwhc-backend.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.bwhc-backend.tls=true"
|
||||
- /var/cache/bridgehead/dnpm/mysql:/var/lib/mysql
|
||||
|
||||
dnpm-frontend:
|
||||
image: ghcr.io/kohlbacherlab/bwhc-frontend:2209
|
||||
container_name: bridgehead-dnpm-frontend
|
||||
links:
|
||||
- dnpm-backend
|
||||
dnpm-authup:
|
||||
image: authup/authup:latest
|
||||
container_name: bridgehead-dnpm-authup
|
||||
volumes:
|
||||
- /var/cache/bridgehead/dnpm/authup:/usr/src/app/writable
|
||||
depends_on:
|
||||
dnpm-mysql:
|
||||
condition: service_healthy
|
||||
command: server/core start
|
||||
environment:
|
||||
- NUXT_HOST=0.0.0.0
|
||||
- NUXT_PORT=8080
|
||||
- BACKEND_PROTOCOL=https
|
||||
- BACKEND_HOSTNAME=$HOST
|
||||
- BACKEND_PORT=443
|
||||
- PUBLIC_URL=https://${HOST}/auth/
|
||||
- AUTHORIZE_REDIRECT_URL=https://${HOST}
|
||||
- ROBOT_ADMIN_ENABLED=true
|
||||
- ROBOT_ADMIN_SECRET=${DNPM_AUTHUP_SECRET}
|
||||
- ROBOT_ADMIN_SECRET_RESET=true
|
||||
- DB_TYPE=mysql
|
||||
- DB_HOST=dnpm-mysql
|
||||
- DB_USERNAME=root
|
||||
- DB_PASSWORD=${DNPM_MYSQL_ROOT_PASSWORD}
|
||||
- DB_DATABASE=auth
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.bwhc-frontend.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.services.bwhc-frontend.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.bwhc-frontend.tls=true"
|
||||
- "traefik.http.middlewares.authup-strip.stripprefix.prefixes=/auth/"
|
||||
- "traefik.http.routers.dnpm-auth.middlewares=authup-strip"
|
||||
- "traefik.http.routers.dnpm-auth.rule=PathPrefix(`/auth`)"
|
||||
- "traefik.http.services.dnpm-auth.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.dnpm-auth.tls=true"
|
||||
|
||||
dnpm-portal:
|
||||
image: ghcr.io/dnpm-dip/portal:latest
|
||||
container_name: bridgehead-dnpm-portal
|
||||
environment:
|
||||
- NUXT_API_URL=http://dnpm-backend:9000/
|
||||
- NUXT_PUBLIC_API_URL=https://${HOST}/api/
|
||||
- NUXT_AUTHUP_URL=http://dnpm-authup:3000/
|
||||
- NUXT_PUBLIC_AUTHUP_URL=https://${HOST}/auth/
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.dnpm-frontend.tls=true"
|
||||
|
||||
dnpm-backend:
|
||||
container_name: bridgehead-dnpm-backend
|
||||
image: ghcr.io/dnpm-dip/backend:latest
|
||||
environment:
|
||||
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
||||
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||
- MTB_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||
- HATEOAS_HOST=https://${HOST}
|
||||
- CONNECTOR_TYPE=broker
|
||||
- AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
|
||||
volumes:
|
||||
- /etc/bridgehead/dnpm/config:/dnpm_config
|
||||
- /var/cache/bridgehead/dnpm/backend-data:/dnpm_data
|
||||
depends_on:
|
||||
dnpm-authup:
|
||||
condition: service_healthy
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.dnpm-backend.loadbalancer.server.port=9000"
|
||||
# expose everything
|
||||
- "traefik.http.routers.dnpm-backend.rule=PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.dnpm-backend.tls=true"
|
||||
- "traefik.http.routers.dnpm-backend.service=dnpm-backend"
|
||||
# except ETL
|
||||
- "traefik.http.routers.dnpm-backend-etl.rule=PathRegexp(`^/api(/.*)?etl(/.*)?$`)"
|
||||
- "traefik.http.routers.dnpm-backend-etl.tls=true"
|
||||
- "traefik.http.routers.dnpm-backend-etl.service=dnpm-backend"
|
||||
# this needs an ETL processor with support for basic auth
|
||||
- "traefik.http.routers.dnpm-backend-etl.middlewares=auth"
|
||||
# except peer-to-peer
|
||||
- "traefik.http.routers.dnpm-backend-peer.rule=PathRegexp(`^/api(/.*)?/peer2peer(/.*)?$`)"
|
||||
- "traefik.http.routers.dnpm-backend-peer.tls=true"
|
||||
- "traefik.http.routers.dnpm-backend-peer.service=dnpm-backend"
|
||||
- "traefik.http.routers.dnpm-backend-peer.middlewares=dnpm-backend-peer"
|
||||
# this effectively denies all requests
|
||||
# this is okay, because requests from peers don't go through Traefik
|
||||
- "traefik.http.middlewares.dnpm-backend-peer.ipWhiteList.sourceRange=0.0.0.0/32"
|
||||
|
||||
landing:
|
||||
labels:
|
||||
- "traefik.http.routers.landing.rule=PathPrefix(`/landing`)"
|
||||
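Review bot: `authup/authup:latest`, `ghcr.io/dnpm-dip/portal:latest` and `ghcr.io/dnpm-dip/backend:latest` are floating tags, although the same commit pins `mysql:9`. The authentication service and the backend can therefore change underneath a site on any pull, with no review step and no way to reproduce a given deployment. Pin each to a release tag, ideally with a digest, e.g. `image: authup/authup:<version>@sha256:<digest>` (placeholders), and bump them in reviewed commits; the first copy of this file has the same three lines. Separately, this copy strips `/auth/` in `authup-strip` where the first copy strips `/auth`, so one of the two is presumably stale.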
|
|
|
@ -1,28 +1,16 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -n "${ENABLE_DNPM_NODE}" ]; then
|
||||
log INFO "DNPM setup detected (BwHC Node) -- will start BwHC node."
|
||||
log INFO "DNPM setup detected -- will start DNPM:DIP node."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/dnpm-node-compose.yml"
|
||||
|
||||
# Set variables required for BwHC Node. ZPM_SITE is assumed to be set in /etc/bridgehead/<project>.conf
|
||||
DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||
if [ -z "${ZPM_SITE+x}" ]; then
|
||||
log ERROR "Mandatory variable ZPM_SITE not defined!"
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "${DNPM_DATA_DIR+x}" ]; then
|
||||
log ERROR "Mandatory variable DNPM_DATA_DIR not defined!"
|
||||
exit 1
|
||||
fi
|
||||
DNPM_SYNTH_NUM=${DNPM_SYNTH_NUM:-0}
|
||||
if grep -q 'traefik.http.routers.landing.rule=PathPrefix(`/landing`)' /srv/docker/bridgehead/minimal/docker-compose.override.yml 2>/dev/null; then
|
||||
echo "Override of landing page url already in place"
|
||||
else
|
||||
echo "Adding override of landing page url"
|
||||
if [ -f /srv/docker/bridgehead/minimal/docker-compose.override.yml ]; then
|
||||
echo -e ' landing:\n labels:\n - "traefik.http.routers.landing.rule=PathPrefix(`/landing`)"' >> /srv/docker/bridgehead/minimal/docker-compose.override.yml
|
||||
else
|
||||
echo -e 'version: "3.7"\nservices:\n landing:\n labels:\n - "traefik.http.routers.landing.rule=PathPrefix(`/landing`)"' >> /srv/docker/bridgehead/minimal/docker-compose.override.yml
|
||||
fi
|
||||
fi
|
||||
mkdir -p /var/cache/bridgehead/dnpm/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/dnpm/'. Please run sudo './bridgehead install $PROJECT' again to fix the permissions."
|
||||
DNPM_SYNTH_NUM=${DNPM_SYNTH_NUM:--1}
|
||||
DNPM_MYSQL_ROOT_PASSWORD="$(generate_simple_password 'dnpm mysql')"
|
||||
DNPM_AUTHUP_SECRET="$(generate_simple_password 'dnpm authup')"
|
||||
fi
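Review bot: `mkdir -p /var/cache/bridgehead/dnpm/` creates only the parent directory, while the compose file bind-mounts `mysql`, `authup` and `backend-data` beneath it; Docker normally creates missing bind sources itself, root-owned and with default permissions. These directories will hold the MySQL data files, authup's writable state and the backend data, so their owner and mode should be set deliberately rather than inherited. For example, `mkdir -p /var/cache/bridgehead/dnpm/{mysql,authup,backend-data}` followed by an explicit `chown`/`chmod` matching the container users, which are not visible here. `/var/cache` is conventionally for data that can be regenerated, so a comment explaining why a database lives there would help. The first copy of this script above has the same lines.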
|
||||
|
|