fix: squash me 4 - test backendurl

bbmri/docker-compose.yml

@@ -4,7 +4,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-bbmri-blaze
     environment:
       BASE_URL: "http://bridgehead-bbmri-blaze:8080"

cce/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-cce-blaze
     environment:
       BASE_URL: "http://bridgehead-cce-blaze:8080"

cce/modules/export-and-qb.curl-templates

@@ -0,0 +1,6 @@
+# Full Excel Export
+curl --location --request POST 'https://${HOST}/cce-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
+--header 'x-api-key: ${EXPORT_API_KEY}'
+
+# QB
+curl --location --request POST 'https://${HOST}/cce-reporter/generate?template-id=ccp'

cce/modules/exporter-compose.yml

@@ -0,0 +1,72 @@
+version: "3.7"
+
+services:
+  exporter:
+    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
+    container_name: bridgehead-cce-exporter
+    environment:
+      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
+      LOG_LEVEL: "INFO"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
+      CROSS_ORIGINS: "https://${HOST}"
+      EXPORTER_DB_USER: "exporter"
+      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
+      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
+      HTTP_RELATIVE_PATH: "/cce-exporter"
+      SITE: "${SITE_ID}"
+      HTTP_SERVLET_REQUEST_SCHEME: "https"
+      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.exporter_cce.rule=PathPrefix(`/cce-exporter`)"
+      - "traefik.http.services.exporter_cce.loadbalancer.server.port=8092"
+      - "traefik.http.routers.exporter_cce.tls=true"
+      - "traefik.http.middlewares.exporter_cce_strip.stripprefix.prefixes=/cce-exporter"
+      - "traefik.http.routers.exporter_cce.middlewares=exporter_cce_strip"
+    volumes:
+      - "/var/cache/bridgehead/cce/exporter-files:/app/exporter-files/output"
+
+  exporter-db:
+    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
+    container_name: bridgehead-cce-exporter-db
+    environment:
+      POSTGRES_USER: "exporter"
+      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
+      POSTGRES_DB: "exporter"
+    volumes:
+      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
+      - "/var/cache/bridgehead/cce/exporter-db:/var/lib/postgresql/data"
+
+  reporter:
+    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
+    container_name: bridgehead-cce-reporter
+    environment:
+      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
+      LOG_LEVEL: "INFO"
+      CROSS_ORIGINS: "https://${HOST}"
+      HTTP_RELATIVE_PATH: "/cce-reporter"
+      SITE: "${SITE_ID}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
+      EXPORTER_URL: "http://exporter:8092"
+      LOG_FHIR_VALIDATION: "false"
+      HTTP_SERVLET_REQUEST_SCHEME: "https"
+
+    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
+    # However, in the first executions in the CCE sites, this volume seems to be very important. A report is
+    # a process that can take several hours, because it depends on the exporter.
+    # There is a risk that the bridgehead restarts, losing the already created export.
+
+    volumes:
+      - "/var/cache/bridgehead/cce/reporter-files:/app/reports"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.reporter_cce.rule=PathPrefix(`/cce-reporter`)"
+      - "traefik.http.services.reporter_cce.loadbalancer.server.port=8095"
+      - "traefik.http.routers.reporter_cce.tls=true"
+      - "traefik.http.middlewares.reporter_cce_strip.stripprefix.prefixes=/cce-reporter"
+      - "traefik.http.routers.reporter_cce.middlewares=reporter_cce_strip"
+
+  focus:
+    environment:
+      EXPORTER_URL: "http://exporter:8092"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"

cce/modules/exporter-setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_EXPORTER" == true ]; then
+  log INFO "Exporter setup detected -- will start Exporter service."
+  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
+fi

cce/modules/teiler-compose.yml

@@ -0,0 +1,89 @@
+version: "3.7"
+
+services:
+
+  teiler-orchestrator:
+    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
+    container_name: bridgehead-teiler-orchestrator
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_orchestrator_cce.rule=PathPrefix(`/cce-teiler`)"
+      - "traefik.http.services.teiler_orchestrator_cce.loadbalancer.server.port=9000"
+      - "traefik.http.routers.teiler_orchestrator_cce.tls=true"
+      - "traefik.http.middlewares.teiler_orchestrator_cce_strip.stripprefix.prefixes=/cce-teiler"
+      - "traefik.http.routers.teiler_orchestrator_cce.middlewares=teiler_orchestrator_cce_strip"
+    environment:
+      TEILER_BACKEND_URL: "https://${HOST}/cce-teiler-backend"
+      TEILER_DASHBOARD_URL: "https://${HOST}/cce-teiler-dashboard"
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
+      HTTP_RELATIVE_PATH: "/cce-teiler"
+
+  teiler-dashboard:
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    container_name: bridgehead-teiler-dashboard
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_dashboard_cce.rule=PathPrefix(`/cce-teiler-dashboard`)"
+      - "traefik.http.services.teiler_dashboard_cce.loadbalancer.server.port=80"
+      - "traefik.http.routers.teiler_dashboard_cce.tls=true"
+      - "traefik.http.middlewares.teiler_dashboard_cce_strip.stripprefix.prefixes=/cce-teiler-dashboard"
+      - "traefik.http.routers.teiler_dashboard_cce.middlewares=teiler_dashboard_cce_strip"
+    environment:
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+      TEILER_BACKEND_URL: "https://${HOST}/cce-teiler-backend"
+      OIDC_URL: "${OIDC_URL}"
+      OIDC_REALM: "${OIDC_REALM}"
+      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
+      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
+      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
+      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
+      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
+      TEILER_PROJECT: "${PROJECT}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/cce-teiler"
+      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/cce-teiler-dashboard"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/cce-teiler"
+      TEILER_USER: "${OIDC_USER_GROUP}"
+      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
+      REPORTER_DEFAULT_TEMPLATE_ID: "cce-qb"
+      EXPORTER_DEFAULT_TEMPLATE_ID: "cce"
+
+
+  teiler-backend:
+    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
+    container_name: bridgehead-teiler-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_backend_cce.rule=PathPrefix(`/cce-teiler-backend`)"
+      - "traefik.http.services.teiler_backend_cce.loadbalancer.server.port=8085"
+      - "traefik.http.routers.teiler_backend_cce.tls=true"
+      - "traefik.http.middlewares.teiler_backend_cce_strip.stripprefix.prefixes=/cce-teiler-backend"
+      - "traefik.http.routers.teiler_backend_cce.middlewares=teiler_backend_cce_strip"
+    environment:
+      LOG_LEVEL: "INFO"
+      APPLICATION_PORT: "8085"
+      APPLICATION_ADDRESS: "${HOST}"
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+      CONFIG_ENV_VAR_PATH: "/run/secrets/cce.conf"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/cce-teiler"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/cce-teiler"
+      TEILER_DASHBOARD_DE_URL: "https://${HOST}/cce-teiler-dashboard/de"
+      TEILER_DASHBOARD_EN_URL: "https://${HOST}/cce-teiler-dashboard/en"
+      CENTRAX_URL: "${CENTRAXX_URL}"
+      HTTP_PROXY: "http://forward_proxy:3128"
+      ENABLE_MTBA: "${ENABLE_MTBA}"
+      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
+      TEILER_APP16_BACKENDURL: "https://${HOST}/cce-exporter"
+      TEILER_APP17_BACKENDURL: "https://${HOST}/cce-exporter"
+      TEILER_APP18_BACKENDURL: "https://${HOST}/cce-exporter"
+      TEILER_APP35_BACKENDURL: "https://${HOST}/cce-exporter"
+      TEILER_APP36_BACKENDURL: "https://${HOST}/cce-exporter"
+      TEILER_APP26_BACKENDURL: "https://${HOST}/cce-reporter"
+
+
+    secrets:
+      - cce.conf
+
+secrets:
+  cce.conf:
+    file: /etc/bridgehead/cce.conf

cce/modules/teiler-setup.sh

@@ -0,0 +1,9 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_TEILER" == true ];then
+  log INFO "Teiler setup detected -- will start Teiler services."
+  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+  TEILER_DEFAULT_LANGUAGE=DE
+  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
+  add_public_oidc_redirect_url "/cce-teiler/*"
+fi

cce/vars

@@ -7,6 +7,18 @@ SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 
+POSTGRES_TAG=15.6-alpine
+
+OIDC_USER_GROUP="CCE_$(capitalize_first_letter ${SITE_ID})"
+OIDC_ADMIN_GROUP="CCE_$(capitalize_first_letter ${SITE_ID})_Verwalter"
+OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
+OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
+# Use "test-realm-01" for testing
+OIDC_REALM="${OIDC_REALM:-test-realm-01}"
+OIDC_URL="https://login.verbis.dkfz.de"
+OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
+OIDC_GROUP_CLAIM="groups"
+
 for module in $PROJECT/modules/*.sh
 do
     log DEBUG "sourcing $module"

ccp/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-ccp-blaze
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"

ccp/modules/blaze-secondary-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze-secondary:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-ccp-blaze-secondary
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze-secondary:8080"

ccp/vars

@@ -29,12 +29,4 @@ done
 idManagementSetup
 mtbaSetup
 obds2fhirRestSetup
-blazeSecondarySetup
+blazeSecondarySetup
-
-for module in modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
-
-transfairSetup

dhki/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-dhki-blaze
     environment:
       BASE_URL: "http://bridgehead-dhki-blaze:8080"

itcc/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-itcc-blaze
     environment:
       BASE_URL: "http://bridgehead-itcc-blaze:8080"

kr/docker-compose.yml

@@ -6,7 +6,7 @@ services:
       replicas: 0 #deactivate landing page
 
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-kr-blaze
     environment:
       BASE_URL: "http://bridgehead-kr-blaze:8080"

lib/functions.sh

@@ -334,40 +334,24 @@ function secret_sync_gitlab_token() {
             ;;
     esac
 
-    if [ "$PROJECT" == "bbmri" ]; then
+    # Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
-        # If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
-        proxy_id=$ERIC_PROXY_ID
-        broker_url=$ERIC_BROKER_URL
-        broker_id=$ERIC_BROKER_ID
-        root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
-    else
-        proxy_id=$PROXY_ID
-        broker_url=$BROKER_URL
-        broker_id=$BROKER_ID
-        root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
-    fi
-
-    # Create a temporary directory for Secret Sync that is valid per boot
-    secret_sync_tempdir="/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)"
-    mkdir -p $secret_sync_tempdir
-
-    # Use Secret Sync to validate the GitLab token in $secret_sync_tempdir/cache.
     # If it is missing or expired, Secret Sync will create a new token and write it to the file.
     # The git credential helper reads the token from the file during git pull.
+    mkdir -p /var/cache/bridgehead/secrets
+    touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
     log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)"
     docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
     docker run --rm \
+        -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
         -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-        -v $root_crt_file:/run/secrets/root.crt.pem:ro \
+        -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
         -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-        -v $secret_sync_tempdir:/secret-sync/ \
-        -e CACHE_PATH=/secret-sync/gitlab-token \
         -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
         -e NO_PROXY=localhost,127.0.0.1 \
         -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-        -e PROXY_ID=$proxy_id \
+        -e PROXY_ID=$PROXY_ID \
-        -e BROKER_URL=$broker_url \
+        -e BROKER_URL=$BROKER_URL \
-        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
+        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \
         -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN:$gitlab \
         docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
     if [ $? -eq 0 ]; then

lib/gitlab-token-helper.sh

@@ -2,7 +2,7 @@
 
 [ "$1" = "get" ] || exit
 
-source "/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)/gitlab-token"
+source /var/cache/bridgehead/secrets/gitlab_token
 
 # Any non-empty username works, only the token matters
 cat << EOF

lib/install-bridgehead.sh

@@ -41,14 +41,6 @@ if [ ! -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
   add_basic_auth_user "nngm" $generated_passwd "NNGM_AUTH" $PROJECT
 fi
 
-if [ -z "$TRANSFAIR_AUTH" ]; then
-  if [[ -n "$TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
-    log "INFO" "Now generating basic auth user for transfair API (see adduser in bridgehead for more information). "
-    generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
-    add_basic_auth_user "transfair" $generated_passwd "TRANSFAIR_AUTH" $PROJECT
-  fi
-fi
-
 log "INFO" "Registering system units for bridgehead and bridgehead-update"
 cp -v \
     lib/systemd/bridgehead\@.service \

modules/ssh-tunnel-compose.yml

@@ -1,17 +0,0 @@
-version: "3.7"
-
-services:
-  ssh-tunnel:
-    image: docker.verbis.dkfz.de/cache/samply/ssh-tunnel
-    container_name: bridgehead-ccp-ssh-tunnel
-    environment:
-      SSH_TUNNEL_USERNAME: "${SSH_TUNNEL_USERNAME}"
-      SSH_TUNNEL_HOST: "${SSH_TUNNEL_HOST}"
-      SSH_TUNNEL_PORT: "${SSH_TUNNEL_PORT:-22}"
-    volumes:
-      - "/etc/bridgehead/ssh-tunnel.conf:/ssh-tunnel.conf:ro"
-    secrets:
-      - privkey
-secrets:
-  privkey:
-    file: /etc/bridgehead/pki/ssh-tunnel.priv.pem

modules/ssh-tunnel-setup.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_SSH_TUNNEL" ]; then
-	log INFO "SSH Tunnel setup detected -- will start SSH Tunnel."
-	OVERRIDE+=" -f ./$PROJECT/modules/ssh-tunnel-compose.yml"
-fi

modules/ssh-tunnel.md

@@ -1,19 +0,0 @@
-# SSH Tunnel Module
-
-This module enables SSH tunneling capabilities for the Bridgehead installation.
-The primary use case for this is to connect bridgehead components that are hosted externally due to security concerns.
-To connect the new components to the locally running bridgehead infra one is supposed to write a docker-compose.override.yml changing the urls to point to the corresponding forwarded port of the ssh-tunnel container.
-
-## Configuration Variables
-
-- `ENABLE_SSH_TUNNEL`: Required to enable the module
-- `SSH_TUNNEL_USERNAME`: Username for SSH connection
-- `SSH_TUNNEL_HOST`: Target host for SSH tunnel
-- `SSH_TUNNEL_PORT`: SSH port (defaults to 22)
-
-## Configuration Files
-
-The module requires the following files to be present:
-
-- `/etc/bridgehead/ssh-tunnel.conf`: SSH tunnel configuration file. Detailed information can be found [here](https://github.com/samply/ssh-tunnel?tab=readme-ov-file#configuration).
-- `/etc/bridgehead/pki/ssh-tunnel.priv.pem`: The SSH private key used to connect to the `SSH_TUNNEL_HOST`. **Passphrases for the key are not supported!**

modules/transfair-compose.yml

@@ -5,12 +5,8 @@ services:
     container_name: bridgehead-transfair
     environment:
       # NOTE: Those 3 variables need only to be passed if their set, otherwise transfair will complain about empty url values
-      - TTP_URL
+      - INSTITUTE_TTP_URL
-      - TTP_ML_API_KEY
+      - INSTITUTE_TTP_API_KEY
-      - TTP_GW_SOURCE
-      - TTP_GW_DOMAIN
-      - TTP_TYPE
-      - TTP_AUTH
       - PROJECT_ID_SYSTEM
       - FHIR_REQUEST_URL=${FHIR_REQUEST_URL}
       - FHIR_INPUT_URL=${FHIR_INPUT_URL}
@@ -21,24 +17,11 @@ services:
       - EXCHANGE_ID_SYSTEM=${EXCHANGE_ID_SYSTEM:-SESSION_ID}
       - DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc
       - RUST_LOG=${RUST_LOG:-info}
-      - TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs
     volumes:
       - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
-      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.middlewares.transfair-strip.stripprefix.prefixes=/transfair"
-      - "traefik.http.routers.transfair.middlewares=transfair-strip,transfair-auth"
-      - "traefik.http.routers.transfair.rule=PathPrefix(`/transfair`)"
-      - "traefik.http.services.transfair.loadbalancer.server.port=8080"
-      - "traefik.http.routers.transfair.tls=true"
-  
-  traefik:
-    labels:
-      - "traefik.http.middlewares.transfair-auth.basicauth.users=${TRANSFAIR_AUTH}"
 
   transfair-input-blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-transfair-input-blaze
     environment:
       BASE_URL: "http://bridgehead-transfair-input-blaze:8080"
@@ -49,16 +32,9 @@ services:
     volumes:
       - "transfair-input-blaze-data:/app/data"
     profiles: ["transfair-input-blaze"]
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.transfair-input-blaze.rule=PathPrefix(`/data-delivery`)"
-      - "traefik.http.middlewares.transfair-input-strip.stripprefix.prefixes=/data-delivery"
-      - "traefik.http.services.transfair-input-blaze.loadbalancer.server.port=8080"
-      - "traefik.http.routers.transfair-input-blaze.middlewares=transfair-input-strip,transfair-auth"
-      - "traefik.http.routers.transfair-input-blaze.tls=true"
 
   transfair-request-blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-transfair-requests-blaze
     environment:
       BASE_URL: "http://bridgehead-transfair-requests-blaze:8080"
@@ -69,13 +45,6 @@ services:
     volumes:
       - "transfair-request-blaze-data:/app/data"
     profiles: ["transfair-request-blaze"]
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.transfair-request-blaze.rule=PathPrefix(`/data-requests`)"
-      - "traefik.http.middlewares.transfair-request-strip.stripprefix.prefixes=/data-requests"
-      - "traefik.http.services.transfair-request-blaze.loadbalancer.server.port=8080"
-      - "traefik.http.routers.transfair-request-blaze.middlewares=transfair-request-strip,transfair-auth"
-      - "traefik.http.routers.transfair-request-blaze.tls=true"
 
 volumes:
   transfair-input-blaze-data:

modules/transfair-setup.sh

@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
 function transfairSetup() {
-    if [[ -n "$TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
+    if [[ -n "$INSTITUTE_TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
         echo "Starting transfair."
 	    OVERRIDE+=" -f ./modules/transfair-compose.yml"
 	    if [ -n "$FHIR_INPUT_URL" ]; then
@@ -18,14 +18,5 @@ function transfairSetup() {
 		    FHIR_REQUEST_URL="http://transfair-requests-blaze:8080"
 		    OVERRIDE+=" --profile transfair-request-blaze"
 	    fi
-	    if [ -n "$TTP_GW_SOURCE" ]; then
-		    log INFO "TransFAIR configured with greifswald as ttp"
-		    TTP_TYPE="greifswald"
-	    elif [ -n "$TTP_ML_API_KEY" ]; then
-		    log INFO "TransFAIR configured with mainzelliste as ttp"
-		    TTP_TYPE="mainzelliste"
-        else
-		    log INFO "TransFAIR configured without ttp"
-	    fi
     fi
 }

versions/prod

@@ -1,3 +1,2 @@
 FOCUS_TAG=main
-BEAM_TAG=main
+BEAM_TAG=main
-BLAZE_TAG=0.32

versions/test

@@ -1,3 +1,2 @@
 FOCUS_TAG=develop
-BEAM_TAG=develop
+BEAM_TAG=develop
-BLAZE_TAG=main