samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2026-04-17 20:50:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: samply:feature/ml-itcc
Branches Tags
samply:main samply:develop samply:ovis samply:feature/ml-itcc samply:fix/traefik-dashboard-route samply:feature/cce-enable-osiris2fhir samply:fix/alternative-proxy-handling samply:test/airgapped-blaze samply:test/airgapped-blaze-staging samply:mainzelliste-itcc samply:feat/proxy-escape-chars-readme samply:hotfix/secretsync samply:test/ast samply:feature/pscc-lens samply:feature/cce samply:feat/nngm samply:test/pscc-spot samply:hotfix/itcc samply:prototype/beamFile samply:timakro-patch-1 samply:feature/teiler-roles samply:test/opal5 samply:test/keycloak samply:feat/selinux samply:feature/remove-rstudio samply:test/teiler-dashboard samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration
..
compare: samply:fix/traefik-dashboard-route
Branches Tags
samply:main samply:develop samply:ovis samply:feature/ml-itcc samply:fix/traefik-dashboard-route samply:feature/cce-enable-osiris2fhir samply:fix/alternative-proxy-handling samply:test/airgapped-blaze samply:test/airgapped-blaze-staging samply:mainzelliste-itcc samply:feat/proxy-escape-chars-readme samply:hotfix/secretsync samply:test/ast samply:feature/pscc-lens samply:feature/cce samply:feat/nngm samply:test/pscc-spot samply:hotfix/itcc samply:prototype/beamFile samply:timakro-patch-1 samply:feature/teiler-roles samply:test/opal5 samply:test/keycloak samply:feat/selinux samply:feature/remove-rstudio samply:test/teiler-dashboard samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration

6 Commits
feature/ml ... fix/traefi

Author SHA1 Message Date
Tobias Kussel
80f1479818 Update traefik dashboard routing rules 
Traefik uses the `/api` path for the internal api. For the dashboard to function, it needs to be routed, too.
 2026-03-26 10:39:36 +01:00
Pierre Delpy
bbda99254f feature: add osiris2fhir in cce and minor fixes (#374) 2026-03-17 15:54:25 +01:00
Pierre Delpy
c1de9b8314 WIP: enable osiris2fhir in PSCC for GR (#372) 
enable osiris2fhir in PSCC for GR
 2026-02-24 12:09:39 +01:00
DavidCroftDKFZ
9d3ec957a2 Activate Directory token login (#371) 
Right now, Directory sync will only be activated if a username has been
specified. It also needs to run if a login token has been specified,
hence the change in this commit.
 2026-02-20 09:27:47 +01:00
Martin Jurk
7a9f80537b sites moved to etc itcc.comf (#369) 2026-02-10 16:04:33 +01:00
Pierre Delpy
bff06a6bb0 fix kr deployment (#370) 2026-02-10 11:21:36 +01:00
14 changed files with 61 additions and 101 deletions
Expand all files Collapse all files

2
bbmri/modules/directory-sync.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then
log INFO "Directory sync setup detected -- will start directory sync service." log INFO "Directory sync setup detected -- will start directory sync service."
OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
fi fi

6
cce/modules/osiris2fhir-setup.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
fi

6
itcc/docker-compose.yml
View File

@@ -32,7 +32,7 @@ services:
BEAM_PROXY_URL: http://beam-proxy:8081 BEAM_PROXY_URL: http://beam-proxy:8081
RETRY_COUNT: ${FOCUS_RETRY_COUNT} RETRY_COUNT: ${FOCUS_RETRY_COUNT}
EPSILON: 0.28 EPSILON: 0.28
QUERIES_TO_CACHE: "/queries_to_cache.conf" QUERIES_TO_CACHE: '/queries_to_cache.conf'
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
volumes: volumes:
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
@@ -41,13 +41,12 @@ services:
- "blaze" - "blaze"
beam-proxy: beam-proxy:
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop-sockets image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
container_name: bridgehead-beam-proxy container_name: bridgehead-beam-proxy
environment: environment:
BROKER_URL: ${BROKER_URL} BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID} PROXY_ID: ${PROXY_ID}
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
APP_omics-endpoint_KEY: ${FOCUS_BEAM_SECRET_SHORT}
PRIVKEY_FILE: /run/secrets/proxy.pem PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128 ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
@@ -60,6 +59,7 @@ services:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro - /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro
volumes: volumes:
blaze-data: blaze-data:

1
itcc/modules/itcc-omics-ingest.sh
View File

@@ -3,5 +3,4 @@
if [ -n "$ENABLE_OMICS" ];then if [ -n "$ENABLE_OMICS" ];then
OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml" OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml"
GENERATE_API_KEY="$(generate_simple_password 'omics')" GENERATE_API_KEY="$(generate_simple_password 'omics')"
PATIENTLIST_POSTGRES_PASSWORD=="$(generate_simple_password 'mainzelliste')"
fi fi

71
itcc/modules/itcc-omics-ingest.yaml
View File

@@ -1,20 +1,8 @@
services: services:
omics-endpoint: omics-endpoint:
image: ghcr.io/samply/itcc-omics-ingest:fix-task image: ghcr.io/samply/itcc-omics-ingest:main
environment: environment:
API_KEY: ${GENERATE_API_KEY} - API_KEY=${GENERATE_API_KEY}
RUST_LOG: debug
BEAM_ID: "omics-endpoint.${PROXY_ID}"
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
BEAM_URL: http://beam-proxy:8081
ML_URL: http://mainzelliste:8080
BLAZE_URL: http://bridgehead-itcc-blaze:8080/fhir/
DWH_SOCKET_ID: "${DWH_SOCKET_ID}"
DWH_TASK_ID: "${DWH_TASK_ID}"
ENABLE_SOCKETS: true
PARTNER_ID: itcc-inform
ML_API_KEY: ${GENERATE_API_KEY}
volumes: volumes:
- /var/cache/bridgehead/omics/data:/data/uploads - /var/cache/bridgehead/omics/data:/data/uploads
labels: labels:
@@ -24,58 +12,3 @@ services:
- "traefik.http.routers.omics.tls=true" - "traefik.http.routers.omics.tls=true"
- "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api" - "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api"
- "traefik.http.routers.omics.middlewares=omics-stripprefix" - "traefik.http.routers.omics.middlewares=omics-stripprefix"
db:
image: postgres:15
container_name: db
restart: unless-stopped
environment:
POSTGRES_DB: mainzelliste
POSTGRES_USER: ${ML_DB_USER}
POSTGRES_PASSWORD: ${PATIENTLIST_POSTGRES_PASSWORD}
ports:
- "5432:5432"
volumes:
- db_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${ML_DB_USER} -d mainzelliste"]
interval: 5s
timeout: 5s
retries: 10
start_period: 10s
mainzelliste:
image: medicalinformatics/mainzelliste:latest
container_name: mainzelliste
restart: unless-stopped
depends_on:
db:
condition: service_healthy
ports:
- 7887:8080
environment:
ML_API_KEY: ${GENERATE_API_KEY}
ML_DB_HOST: db
ML_DB_PORT: "5432"
ML_DB_NAME: mainzelliste
ML_DB_USER: ${ML_DB_USER}
ML_DB_PASS: ${PATIENTLIST_POSTGRES_PASSWORD}
ML_DB_DRIVER: org.postgresql.Driver
ML_DB_TYPE: postgresql
ML_LOG_LEVEL: INFO
ML_ALLOWEDREMOTEADDRESSES: "127.0.0.1,::1,172.16.0.0/12"
secrets:
- mainzelliste.docker.conf
- source: symmetric_key
target: /etc/resources/keys/symmetric_key.der
volumes:
db_data:
secrets:
mainzelliste.docker.conf:
file: /etc/bridgehead/mainzelliste/mainzelliste.docker.conf
symmetric_key:
file: /etc/bridgehead/mainzelliste/keyset_siv.json

3
itcc/vars
View File

@@ -7,9 +7,6 @@ SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BROKER_URL_FOR_PREREQ=$BROKER_URL BROKER_URL_FOR_PREREQ=$BROKER_URL
PUBLIC_ENVIRONMENT=prod PUBLIC_ENVIRONMENT=prod
DWH_SOCKET_ID=socket.itcc-datalake.${BROKER_ID}
DWH_TASK_ID=task.itcc-datalake.${BROKER_ID}
ML_DB_USER=mainzelliste
for module in $PROJECT/modules/*.sh for module in $PROJECT/modules/*.sh
do do

3
kr/docker-compose.yml
View File

@@ -12,7 +12,8 @@ services:
BASE_URL: "http://bridgehead-kr-blaze:8080" BASE_URL: "http://bridgehead-kr-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
ENFORCE_REFERENTIAL_INTEGRITY: "false" ENFORCE_REFERENTIAL_INTEGRITY: "false"
volumes: volumes:
- "blaze-data:/app/data" - "blaze-data:/app/data"

6
kr/modules/export-and-qb.curl-templates
View File

@@ -1,6 +0,0 @@
# Full Excel Export
curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
--header 'x-api-key: ${EXPORT_API_KEY}'
# QB
curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'

37
kr/modules/lens-compose.yml
View File

@@ -4,32 +4,41 @@ services:
deploy: deploy:
replicas: 1 #reactivate if lens is in use replicas: 1 #reactivate if lens is in use
container_name: lens_federated-search container_name: lens_federated-search
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} image: docker.verbis.dkfz.de/ccp/kr-explorer:main
environment:
PUBLIC_SPOT_URL: https://${HOST}/prod
labels: labels:
- "traefik.http.services.lens.loadbalancer.server.port=3000"
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)" - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
- "traefik.http.services.landing.loadbalancer.server.port=80" - "traefik.http.routers.lens.tls=true"
- "traefik.http.routers.landing.tls=true"
spot: spot:
image: docker.verbis.dkfz.de/ccp-private/central-spot image: samply/rustyspot:latest
environment: environment:
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
BEAM_URL: http://beam-proxy:8081 BEAM_PROXY_URL: http://beam-proxy:8081
BEAM_PROXY_ID: ${SITE_ID} BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
BEAM_BROKER_ID: ${BROKER_ID} CORS_ORIGIN: "https://${HOST}"
BEAM_APP_ID: "focus" SITES: ${SITES}
PROJECT_METADATA: "kr_supervisors" TRANSFORM: LENS
PROJECT: kr
BIND_ADDR: 0.0.0.0:8055
depends_on: depends_on:
- "beam-proxy" - "beam-proxy"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.services.spot.loadbalancer.server.port=8080" - "traefik.http.services.spot.loadbalancer.server.port=8055"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
- "traefik.http.routers.spot.tls=true" - "traefik.http.routers.spot.tls=true"
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
beam-proxy:
environment:
APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}

2
kr/modules/obds2fhir-rest-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.7"
services: services:
obds2fhir-rest: obds2fhir-rest:
container_name: bridgehead-obds2fhir-rest container_name: bridgehead-obds2fhir-rest
image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
environment: environment:
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

2
kr/vars
View File

@@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID}
PROXY_ID=${SITE_ID}.${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID}
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BROKER_URL_FOR_PREREQ=$BROKER_URL BROKER_URL_FOR_PREREQ=$BROKER_URL

2
minimal/docker-compose.yml
View File

@@ -16,7 +16,7 @@ services:
- --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.scheme=https
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=PathPrefix(`/dashboard/`)" - "traefik.http.routers.dashboard.rule=PathPrefix(`/dashboard/`)||PathPrefix(`/api`)"
- "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true" - "traefik.http.routers.dashboard.tls=true"

15
pscc/modules/osiris2fhir-compose.yml Normal file
View File

@@ -0,0 +1,15 @@
services:
osiris2fhir:
container_name: bridgehead-osiris2fhir
image: docker.verbis.dkfz.de/ccp/osiris2fhir
environment:
FHIR_PROFILE: ${PROJECT:-pscc}
LOG_LEVEL: ${LOG_LEVEL:-INFO}
SALT: ${LOCAL_SALT}
labels:
- "traefik.enable=true"
- "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)"
- "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir"
- "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080"
- "traefik.http.routers.osiris2fhir.tls=true"
- "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth"

6
pscc/modules/osiris2fhir-setup.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
fi