From ca6bcff9ba001305c18f55bdf2d93f90467f2296 Mon Sep 17 00:00:00 2001
From: janskiba <jan.skiba@dkfz-heidelberg.de>
Date: Fri, 8 Dec 2023 11:50:06 +0000
Subject: [PATCH] fix: Restrict rstudio network access

---
 ccp/modules/datashield-compose.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ccp/modules/datashield-compose.yml b/ccp/modules/datashield-compose.yml
index 611b39f..501c666 100644
--- a/ccp/modules/datashield-compose.yml
+++ b/ccp/modules/datashield-compose.yml
@@ -17,6 +17,8 @@ services:
       - "traefik.http.middlewares.rstudio_ccp_strip.stripprefix.prefixes=/rstudio"
       - "traefik.http.routers.rstudio_ccp.tls=true"
       - "traefik.http.routers.rstudio_ccp.middlewares=oidcAuth,rstudio_ccp_strip"
+    networks:
+      - rstudio
 
   opal:
     container_name: bridgehead-opal
@@ -88,6 +90,18 @@ services:
       - beam-proxy
     volumes:
       - /tmp/bridgehead/opal-map/:/map/:ro
+    networks:
+      - default
+      - rstudio
+  
+  traefik:
+    networks:
+      - default
+      - rstudio
+  forward_proxy:
+    networks:
+      - default
+      - rstudio
 
   beam-proxy:
     environment:
@@ -98,3 +112,6 @@ secrets:
     file: /tmp/bridgehead/opal-cert.pem
   opal-key.pem:
     file: /tmp/bridgehead/opal-key.pem
+
+networks:
+  rstudio: