mirror of https://github.com/samply/bridgehead.git
Add opal certificate
parent
1f4c2cad03
commit
da49437ada
|
@ -24,7 +24,7 @@ services:
|
|||
############################################ DataSHIELD Server (Opal)
|
||||
opal:
|
||||
container_name: bridgehead-opal
|
||||
image: obiba/opal:4.5
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-opal:latest
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.opal_ccp.rule=PathPrefix(`/opal`)"
|
||||
|
@ -44,6 +44,11 @@ services:
|
|||
ROCK_HOSTS: "opal-rserver:8085"
|
||||
APP_URL: "https://${HOST}/opal"
|
||||
APP_CONTEXT_PATH: "/opal"
|
||||
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
|
||||
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
|
||||
secrets:
|
||||
- opal-cert.pem
|
||||
- opal-key.pem
|
||||
|
||||
# volumes:
|
||||
# - "bridgehead-opal:/srv"
|
||||
|
@ -93,3 +98,9 @@ services:
|
|||
# name: "bridgehead-opal-db"
|
||||
# bridgehead-opal:
|
||||
# name: "bridgehead-opal"
|
||||
|
||||
secrets:
|
||||
opal-cert.pem:
|
||||
file: /etc/bridgehead/traefik-tls/opal-cert.pem
|
||||
opal-key.pem:
|
||||
file: /etc/bridgehead/traefik-tls/opal-key.pem
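Review bot: The `:latest` tag on `docker.verbis.dkfz.de/ccp/dktk-opal` in the first hunk is a mutable reference for a container that the second hunk hands a TLS private key through `secrets:`. The +/- markers are lost in this rendering, so reading `obiba/opal:4.5` as the old line and the `dktk-opal` line as the new one is inferred from print order. Whatever the registry serves at pull time can read `/run/secrets/opal-key.pem`, so I would pin a release tag or digest, e.g. `image: docker.verbis.dkfz.de/ccp/dktk-opal:<release-tag>@sha256:<digest>` (placeholders). The top-level `secrets:` entries also point into `/etc/bridgehead/traefik-tls/`; if the reverse proxy loads certificates from that directory (not visible here), a separate directory for the Opal key pair would stop it from picking up the self-signed certificate.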
|
||||
|
|
|
@ -5,3 +5,6 @@ if [ "$ENABLE_DATASHIELD" == true ];then
|
|||
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
|
||||
fi
|
||||
OPAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for Opal. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||
if [ ! -e "/etc/bridgehead/traefik-tls/opal-cert.pem" ]; then
|
||||
openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/opal-key.pem -out /etc/bridgehead/traefik-tls/opal-cert.pem -days 3650 -subj "/CN=$HOST"
|
||||
fi
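Review bot: The guard `[ ! -e "/etc/bridgehead/traefik-tls/opal-cert.pem" ]` tests only the certificate, so a host that has the cert but has lost the key skips generation and leaves the compose secret `opal-key.pem` pointing at a missing file. Checking both files would cover that: `if [ ! -s /etc/bridgehead/traefik-tls/opal-cert.pem ] || [ ! -s /etc/bridgehead/traefik-tls/opal-key.pem ]; then`. The `openssl req` exit status is not checked, and with `-nodes` the key is written unencrypted with its file mode left to openssl and the umask; I would fail the script on error and set the mode explicitly to what the Opal container user needs. The certificate carries only `-subj "/CN=$HOST"` for 3650 days with no renewal path; clients that validate hostnames generally require a subjectAltName, so consider `-addext "subjectAltName=DNS:$HOST"` and a shorter lifetime with regeneration when `$HOST` changes.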
|
||||
|
|