samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-06-16 20:40:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: make a persistent send secret per bridgehead

Browse Source
This commit is contained in:
Torben Brenner
2025-05-23 16:30:28 +02:00
parent bc0835ff4d
commit 791be147e2
3 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
dhki/docker-compose.yml
View File

@ -45,6 +45,7 @@ services:
BROKER_URL: ${BROKER_URL} BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID} PROXY_ID: ${PROXY_ID}
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
APP_beamfilesend_KEY: ${BEAM_FILE_SEND_SECRET}
PRIVKEY_FILE: /run/secrets/proxy.pem PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128 ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs

1
dhki/vars
View File

@ -5,6 +5,7 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BEAM_FILE_SEND_SECRET="$(echo \"beam-file-send-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
BROKER_URL_FOR_PREREQ=$BROKER_URL BROKER_URL_FOR_PREREQ=$BROKER_URL

5
modules/beam-file-compose.yml
View File

@ -4,8 +4,8 @@ services:
image: samply/beam-file:${BEAM_FILE_TAG} image: samply/beam-file:${BEAM_FILE_TAG}
container_name: bridgehead-beam-file-sender container_name: bridgehead-beam-file-sender
environment: environment:
- BEAM_ID=beamfile.${PROXY_ID} - BEAM_ID=beamfilesend.${PROXY_ID}
- BEAM_SECRET=${BEAM_FILE_SECRET} - BEAM_SECRET=${BEAM_FILE_SEND_SECRET}
- BEAM_URL=http://beam-proxy:8081 - BEAM_URL=http://beam-proxy:8081
- BIND_ADDR=0.0.0.0:8085 - BIND_ADDR=0.0.0.0:8085
- API_KEY=${BEAM_FILE_API_KEY} - API_KEY=${BEAM_FILE_API_KEY}
@ -32,3 +32,4 @@ services:
beam-proxy: beam-proxy:
environment: environment:
APP_beamfile_KEY: ${BEAM_FILE_SECRET} APP_beamfile_KEY: ${BEAM_FILE_SECRET}
profiles: ["beam-file-receiver"]