From cfdcb8af86e26b1cacfe608d59c0f3f824635f54 Mon Sep 17 00:00:00 2001
From: Martin Lablans <m.lablans@dkfz-heidelberg.de>
Date: Fri, 28 Oct 2022 11:53:50 +0200
Subject: [PATCH] Don't expose bridgehead http(s) services by default.

---
 bbmri/docker-compose.yml | 6 ++----
 ccp/docker-compose.yml   | 6 ++----
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
index c49fb6f..ee35119 100644
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@@ -8,12 +8,14 @@ services:
       - --entrypoints.web.address=:80
       - --entrypoints.websecure.address=:443
       - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
       - --providers.file.directory=/configuration/
       - --api.dashboard=true
       - --accesslog=true
       - --entrypoints.web.http.redirections.entrypoint.to=websecure
       - --entrypoints.web.http.redirections.entrypoint.scheme=https
     labels:
+      - "traefik.enable=true"
       - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
       - "traefik.http.routers.dashboard.entrypoints=websecure"
       - "traefik.http.routers.dashboard.service=api@internal"
@@ -82,8 +84,6 @@ services:
     depends_on:
       - "beam-proxy"
       - "blaze"
-    labels:
-      - "traefik.enable=false"
 
   beam-proxy:
     image: "samply/beam-proxy:develop"
@@ -99,8 +99,6 @@ services:
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
     secrets:
       - proxy.pem
-    labels:
-      - "traefik.enable=false"
     depends_on:
       - "forward_proxy"
     volumes:
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 2fb494c..3074f31 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -8,12 +8,14 @@ services:
       - --entrypoints.web.address=:80
       - --entrypoints.websecure.address=:443
       - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
       - --providers.file.directory=/configuration/
       - --api.dashboard=true
       - --accesslog=true
       - --entrypoints.web.http.redirections.entrypoint.to=websecure
       - --entrypoints.web.http.redirections.entrypoint.scheme=https
     labels:
+      - "traefik.enable=true"
       - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
       - "traefik.http.routers.dashboard.entrypoints=websecure"
       - "traefik.http.routers.dashboard.service=api@internal"
@@ -82,8 +84,6 @@ services:
     depends_on:
       - "beam-proxy"
       - "blaze"
-    labels:
-      - "traefik.enable=false"
 
   beam-proxy:
     image: "samply/beam-proxy:develop"
@@ -101,8 +101,6 @@ services:
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
     secrets:
       - proxy.pem
-    labels:
-      - "traefik.enable=false"
     depends_on:
       - "forward_proxy"
     volumes: