From 2bab2edf43b0de606d445b1859306d1d6b2500f5 Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Mon, 28 Mar 2022 15:34:57 +0200 Subject: [PATCH 1/4] Added script for basic auth user --- lib/add_bc_user.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100755 lib/add_bc_user.sh diff --git a/lib/add_bc_user.sh b/lib/add_bc_user.sh new file mode 100755 index 0000000..a7442be --- /dev/null +++ b/lib/add_bc_user.sh @@ -0,0 +1,18 @@ +#!/bin/bash -e + +echo "This script add's a user with password to the bridghead" +read -p 'Username: ' bc_user +read -sp 'Password: ' bc_password + +echo + +bc=$(docker run --rm -ti xmartlabs/htpasswd $bc_user $bc_password) + +if [ -z $bc_auth_users ]; then + export bc_auth_users=$bc + echo $bc_auth_users +else + export bc_auth_users="$bc_auth_users,$bc" + echo $bc_auth_users +fi + From a3f9dc64b75104cb3d345ff3b75b8e45f9bb9d71 Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Mon, 4 Apr 2022 14:02:03 +0200 Subject: [PATCH 2/4] Improved script for user --- README.md | 3 +-- dktk-fed/docker-compose.yml | 6 +++--- lib/add_bc_user.sh | 9 +++------ lib/prerequisites.sh | 2 +- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 7745b47..48a794c 100644 --- a/README.md +++ b/README.md @@ -286,9 +286,8 @@ It is not recommended to use this script in production! ### Basic Auth -Some services we use authfication to protect the data. For example for local data managemnt like the blaze. +use add_user.sh -The /auth direcotry contians for each project a file with user and password combination. If it is not present please create a file with just the project name. To add a combination use [htpasswdgenerator](https://htpasswdgenerator.de/) or use htpasswd on your maschine. ### HTTPS Access diff --git a/dktk-fed/docker-compose.yml b/dktk-fed/docker-compose.yml index a471b33..04458de 100644 --- a/dktk-fed/docker-compose.yml +++ b/dktk-fed/docker-compose.yml 
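Review bot: The password read with `read -s` is immediately handed to the container on its command line, `docker run --rm -ti xmartlabs/htpasswd $bc_user $bc_password`, where it is visible to every user on the host through `ps` and in `docker inspect`/`docker ps --no-trunc` for as long as the container runs; it should reach htpasswd on stdin instead, and which options the `xmartlabs/htpasswd` image offers for that is not visible here. The `-t` flag allocates a pseudo-terminal, so the hash captured into `bc` ends with a carriage return that then travels into `bc_auth_users`; `-t` is not needed for a non-interactive run. Every expansion in the file is unquoted (`$bc_user`, `$bc_password`, `[ -z $bc_auth_users ]`, `echo $bc_auth_users`), so a password containing a space or glob character is split or expanded before it is hashed; quote them, and give `read` the `-r` flag so backslashes are kept. Note also that `export` only affects this script's own process, so a caller that executes the script rather than sourcing it never sees `bc_auth_users`.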
@@ -9,10 +9,9 @@ services: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker=true - - --providers.file.directory=/configuration/ + - --providers.file.watch=true - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https - - --providers.file.watch=true ports: - 80:80 - 443:443 @@ -48,12 +47,13 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.test-auth.basicauth.usersfile=/auth/dktk" + - "traefik.http.middlewares.test-auth.basicauth.users=${bc_auth_users}" - "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)" - "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement" - "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080" - "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth" - "traefik.http.routers.blaze_dktk.tls=true" + # dktk-fed-search-share: # image: "ghcr.io/samply/dktk-fed-search-share:pr-1" diff --git a/lib/add_bc_user.sh b/lib/add_bc_user.sh index a7442be..3034c0a 100755 --- a/lib/add_bc_user.sh +++ b/lib/add_bc_user.sh @@ -9,10 +9,7 @@ echo bc=$(docker run --rm -ti xmartlabs/htpasswd $bc_user $bc_password) if [ -z $bc_auth_users ]; then - export bc_auth_users=$bc - echo $bc_auth_users + printf "Please run: export bc_auth_users=\"%q\"" $bc else - export bc_auth_users="$bc_auth_users,$bc" - echo $bc_auth_users -fi - + echo "Please run: export bc_auth_users=\"${bc},$bc_auth_users\"" +fi \ No newline at end of file diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 05a4c59..65ec9e6 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh 
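Review bot: After this hunk the file provider is still enabled by `--providers.file.watch=true`, but the flag that told it where to look, `--providers.file.directory=/configuration/`, is removed, while `../tools/traefik/:/configuration/` remains in the volumes list until PATCH 4/4 drops it; with neither `directory` nor `filename` set the provider has nothing to load and, as far as I recall, Traefik reports an error for it at startup rather than ignoring it. Either remove the `watch` flag together with the directory, or keep the directory if the mounted configuration is still needed. Check the container log once after the change to confirm the provider starts cleanly.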
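Review bot: `traefik.http.middlewares.test-auth.basicauth.users=${bc_auth_users}` is expanded by Compose from the environment, and when `bc_auth_users` is unset the label becomes `basicauth.users=` with an empty user list, so the only feedback that the blaze endpoint is misconfigured is a Traefik log line and, as far as I can tell, a router left in error state. Make the missing variable a hard failure at `docker-compose up` time: `- "traefik.http.middlewares.test-auth.basicauth.users=${bc_auth_users:?set bc_auth_users with lib/add_bc_user.sh}"`. The same applies to the `auth.basicauth.users` label that PATCH 4/4 adds for the dashboard.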
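Review bot: The two branches print the same instruction with different escaping: the `if` branch passes `$bc` through `printf %q` and then wraps the result in literal double quotes, but `%q` output is already shell-quoted and meant to be pasted bare, so anything it escapes that is not special inside `"..."` survives as literal text (the carriage return that the `-ti` pseudo-terminal appends to the hash, for instance, becomes a literal `$'\r'`), whereas the `else` branch uses `echo` with no escaping at all. `$bc` is also unquoted in the `printf` call, so it is word-split before it reaches `%q`, and the format string has no trailing newline. One quoted `printf` covers both cases: `printf 'Please run: export bc_auth_users=%q\n' "${bc}${bc_auth_users:+,$bc_auth_users}"`.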
@@ -4,7 +4,7 @@ ## Check if user is a su echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time" echo "First we will check if all prerequisites are met ..." -prerequisites="git docker docker-compose cat" +prerequisites="git docker docker-compose" for prerequisite in $prerequisites; do $prerequisite --version 2>&1 is_available=$? From fe0e1ce5d2286043d616d852a51fe5a261f12413 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Apr 2022 15:28:11 +0200 Subject: [PATCH 3/4] Made requested changes by TB --- lib/add_bc_user.sh | 26 ++++++++++++++++++++------ start-bridgehead.sh | 5 +++++ 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/lib/add_bc_user.sh b/lib/add_bc_user.sh index 3034c0a..6ff4c92 100755 --- a/lib/add_bc_user.sh +++ b/lib/add_bc_user.sh 
@@ -1,15 +1,29 @@ #!/bin/bash -e echo "This script add's a user with password to the bridghead" + +if [ $# -eq 0 ]; then + echo "No arguments provided, please provide the prject name" + exit 1 +fi + +if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then + echo "Please create a Service first, with setup-bridgehead-units.sh" + exit +fi + read -p 'Username: ' bc_user read -sp 'Password: ' bc_password -echo +echo -bc=$(docker run --rm -ti xmartlabs/htpasswd $bc_user $bc_password) -if [ -z $bc_auth_users ]; then - printf "Please run: export bc_auth_users=\"%q\"" $bc -else - echo "Please run: export bc_auth_users=\"${bc},$bc_auth_users\"" +bc=`docker run --rm -it httpd:latest htpasswd -nb $bc_user $bc_password` + +if grep -q -E "Environment=bc_auth_users=" /etc/systemd/system/bridgehead@$1.service.d/override.conf ; then + x=`grep -E "Environment=bc_auth_users=" /etc/systemd/system/bridgehead@$1.service.d/override.conf` + sed -i "/Environment=bc_auth_users=/c\\$x,$bc" /etc/systemd/system/bridgehead@$1.service.d/override.conf + +else + echo "Environment=bc_auth_users=${bc}" >> /etc/systemd/system/bridgehead@$1.service.d/override.conf fi \ No newline at end of file diff --git a/start-bridgehead.sh b/start-bridgehead.sh index 0d534e9..cbeef04 100755 --- a/start-bridgehead.sh +++ b/start-bridgehead.sh @@ -1,6 +1,11 @@ #!/bin/bash ### Note: Currently not complete, needs some features before useable for production +if [ $# -eq 0 ]; then + echo "No arguments provided" + exit 1 +fi + source lib/functions.sh if ! lib/prerequisites.sh; then From c929da51b32f606101dddd95ac3b9db0714d3fad Mon Sep 17 00:00:00 2001 From: root Date: Tue, 12 Apr 2022 08:44:10 +0200 Subject: [PATCH 4/4] Moved traefik dashboard to https and finished add user script --- dktk-fed/docker-compose.yml | 14 +++++++++----- lib/add_bc_user.sh | 2 +- lib/generate.sh | 6 +++--- 3 files changed, 13 insertions(+), 9 deletions(-) 
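Review bot: The password still travels on the command line, `htpasswd -nb $bc_user $bc_password`, where it is visible in `ps` on the host and in `docker inspect` while the container runs, which defeats the purpose of the `read -s` prompt. The image is now `httpd`, whose htpasswd accepts `-i` to read the password from stdin, so the line can become `bc=$(printf '%s' "$bc_password" | docker run --rm -i httpd:latest htpasswd -ni "$bc_user")`; dropping `-t` at the same time removes the carriage return that a pseudo-terminal appends to the captured hash, which would otherwise be written into the `Environment=` line of override.conf. Two smaller points: the `[ ! -f ... ]` branch prints an error and then exits with status 0 (`exit 1` would let a caller notice), and `$1` is interpolated unquoted into the override.conf path in four places, so the project name should at least be quoted, if not validated against the set of known projects. Re-running the script for an existing user also appends a second `user:hash` entry to the line instead of replacing the old one, which is worth either documenting or handling.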
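Review bot: The new guard prints `No arguments provided` to stdout and does not say what the argument is, presumably the project name given how `lib/add_bc_user.sh` in this series uses `$1`; a usage line on stderr is the usual shape, e.g. `echo "Usage: $0 <project>" >&2`. How `$1` is consumed further down is outside this hunk, so I cannot tell whether the value is validated before it is used.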
diff --git a/dktk-fed/docker-compose.yml b/dktk-fed/docker-compose.yml index 04458de..ffeded3 100644 --- a/dktk-fed/docker-compose.yml +++ b/dktk-fed/docker-compose.yml @@ -5,22 +5,26 @@ services: container_name: bridgehead_traefik image: traefik:2.4 command: - - --api.insecure=true - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker=true - - --providers.file.watch=true + - --api.dashboard=true + - --accesslog=true # print access-logs - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https + labels: + - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}" ports: - 80:80 - 443:443 - - 8080:8080 volumes: - ../certs:/tools/certs - - ../tools/traefik/:/configuration/ - /var/run/docker.sock:/var/run/docker.sock:ro - - ../auth/:/auth extra_hosts: - "host.docker.internal:host-gateway" diff --git a/lib/add_bc_user.sh b/lib/add_bc_user.sh index 6ff4c92..924f2e1 100755 --- a/lib/add_bc_user.sh +++ b/lib/add_bc_user.sh @@ -3,7 +3,7 @@ echo "This script add's a user with password to the bridghead" if [ $# -eq 0 ]; then - echo "No arguments provided, please provide the prject name" + echo "No arguments provided, please provide the project name" exit 1 fi diff --git a/lib/generate.sh b/lib/generate.sh index aed7704..8d64d14 100755 --- a/lib/generate.sh +++ b/lib/generate.sh @@ -1,6 +1,6 @@ #!/bin/bash -cat > ../landing/index.html < ./landing/index.html < @@ -70,11 +70,11 @@ cat > ../landing/index.html < Bridgehead - Reverse Proxy Traefik + Reverse Proxy Traefik DKTK - Blaze + Blaze
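Review bot: The dashboard router gets its own basicauth middleware, `auth`, fed from the same `${bc_auth_users}` as the `test-auth` middleware declared on the blaze container in PATCH 2/4, so the credential list is now declared under two names and the two can drift; referencing the existing middleware, `- "traefik.http.routers.dashboard.middlewares=test-auth"`, and dropping the `auth.basicauth.users` label keeps one source of truth. Now that the proxy container carries router labels itself and `--providers.docker=true` exposes every container by default, it is also worth adding `- --providers.docker.exposedbydefault=false` to the command list, so that only containers marked `traefik.enable=true` (as blaze already is) receive routes. An unset `bc_auth_users` substitutes to an empty user list for the new `auth` middleware just as it does for `test-auth`, so the `${bc_auth_users:?...}` form is worth using here too.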
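Review bot: `cat > ./landing/index.html` resolves `landing/` against the caller's current directory, so the script now only works when invoked from the repository root, and from anywhere else it either fails or writes a stray `landing/index.html`; anchoring the path on the script's own location, `cat > "$(dirname "$0")/../landing/index.html"`, works from any directory. The body of the here-document is mangled in this view, so the link targets changed in the second hunk cannot be checked here.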