Enhanced the ovis-setup.sh script to include a comprehensive log message when the OVIS module is enabled. This update provides clear visual feedback during the initialization process, indicating that OVIS services will start with local oauth2-proxy middleware.
Updated the ovis-setup.sh script to improve handling of the trusted CA directory, ensuring that the oauth2-proxy uses the system trust store if the directory is missing. Adjusted logging messages for clarity regarding the detection of custom OIDC CA files, specifically focusing on .crt files. Additionally, added a new environment variable for TLS_CA_CERTIFICATES_DIR in the ovis-compose.yml file to support trusted CA certificates.
Enhanced the OVIS setup by introducing support for custom OIDC CA files in the oauth2-proxy configuration. Updated the ovis-compose.yml to include new environment variables and volume mounts for trusted CA certificates. Modified the ovis-setup.sh script to detect and log the presence of custom CA files, ensuring secure communication with OIDC providers.
Introduced a new service, `ovis-traefik-forward-auth`, to handle authentication via oauth2-proxy. Updated Traefik routing for existing services to integrate the new middleware, ensuring secure access control. Adjusted logging in ovis-setup.sh to reflect the addition of the oauth2-proxy middleware in the OVIS setup process.
Collapse the `/ccp-ovis` slash-redirect and prefix-strip flow into one `ovis-frontend-ccp` router by attaching both middlewares in order (redirect, then strip). This removes redundant router labels while preserving canonical `/ccp-ovis -> /ccp-ovis/` behavior and mounted-path forwarding to the frontend service.
Apply the PR #375 review feedback by removing Bridgehead-specific compose/setup overrides
that duplicated upstream OVIS behavior and by switching to the upstream-built Mongo image
that already contains init logic.
- rename CCP OVIS services to consistent upstream-style names (`ovis-*`) and update internal dependencies
- switch Mongo service image from direct `mongo:latest` + host-mounted init script to `docker.verbis.dkfz.de/ovis/ovis-backend-mongodb:latest`
- remove obsolete Mongo init bind mount (`/docker-entrypoint-initdb.d/init.js`) from compose
- drop redundant runtime overrides from compose (`restart`, `command`, `user`, `working_dir`)
- remove duplicated app-default/preprocessor env overrides (`OVIS_PREPROC_*`, misc backend defaults) and keep deployment wiring only
- fix Mongo connection env usage to `ADDRESS` and point services to `ovis-backend-database-mongodb`
- remove temporary root-compat Traefik redirect shim and keep mounted `/ccp-ovis` routing labels
- remove setup-time generation of Mongo init.js and related cache directory prep from `ccp/modules/ovis-setup.sh`
- Removed the traefik service and renamed traefik-forward-auth to ovis- with ovis-traefik-forward-auth the labels, however would need help there as i got no knowledge of how OAuth2 works (Torben initialized that container)
- Updated MongoDB service configuration to include a direct initialization script for user and operation collections in the sh instead of in the compose directly
- Adjusted volume paths to only use the /var/cache/bridgehead/ccp directory
- Adjusted frontend and backend service labels for Traefik routing to not use ports
- Cleaned up unnecessary network definitions and volumes.
- Renamed FHIR Server URL to bridgehead-ccp-blaze:8080/fhir
- Removed redundant entrypoint (python main.py) of fhir transformer
