Add documentation for proxy (credential) special character escaping

README.md

@@ -73,7 +73,7 @@ We recommend to install Docker(-compose) from its official sources as described
 
 A Bridgehead communicates to all central components via outgoing HTTPS connections.
 
-Your site might require an outgoing proxy (i.e. HTTPS forward proxy) to connect to external servers; you should discuss this with your local systems administration. In that case, you will need to note down the URL of the proxy. If the proxy requires authentication, you will also need to make a note of its username and password. This information will be used later on during the installation process. TLS terminating proxies are also supported, see [here](#tls-terminating-proxies). Apart from the Bridgehead itself, you may also need to configure the proxy server in [git](https://gist.github.com/evantoli/f8c23a37eb3558ab8765) and [docker](https://docs.docker.com/network/proxy/).
+Your site might require an outgoing proxy (i.e. HTTPS forward proxy) to connect to external servers; you should discuss this with your local systems administration. In that case, you will need to note down the URL of the proxy. If the proxy requires authentication, you will also need to make a note of its username and password. This information will be used later on during the installation process. Special characters in the proxy values, e.g. in the access credentials, must be [URL-encoded](https://en.wikipedia.org/wiki/Percent-encoding), e.g. by replacing `@` with `%40`, `/` with `%2F` and so on. TLS terminating proxies are also supported, see [here](#tls-terminating-proxies). Apart from the Bridgehead itself, you may also need to configure the proxy server in [git](https://gist.github.com/evantoli/f8c23a37eb3558ab8765) and [docker](https://docs.docker.com/network/proxy/).
 
 The following URLs need to be accessible (prefix with `https://`):
 * To fetch code and configuration from git repositories
@@ -536,6 +536,8 @@ and restart the docker daemon:
 sudo systemctl restart docker
 ```
 
+Please note that special characters in the proxy value, such as `#?!()[]{}`, must be double escaped using `%%`.
+
 For more information, please consult the [official documentation](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy).
 
 ### Monitoring

bbmri/modules/directory-sync.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then
+if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then
 	log INFO "Directory sync setup detected -- will start directory sync service."
 	OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
 fi

cce/modules/lens-compose.yml

@@ -3,8 +3,6 @@ services:
   lens:
     container_name: lens_federated-search
     image: samply/cce-explorer:main
-    environment:
-      PUBLIC_SPOT_URL: https://${HOST}/prod
     labels:
       - "traefik.http.services.lens.loadbalancer.server.port=3000"
       - "traefik.enable=true"

itcc/docker-compose.yml

@@ -15,7 +15,7 @@ services:
       - "blaze-data:/app/data"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.blaze_itcc.rule=Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)"
+      - "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)"
       - "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
       - "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
       - "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
@@ -34,6 +34,7 @@ services:
       EPSILON: 0.28
       QUERIES_TO_CACHE: '/queries_to_cache.conf'
       ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+      CQL_PROJECTS_ENABLED: "itcc"
     volumes:
       - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
     depends_on:

itcc/modules/itcc-omics-ingest.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_OMICS" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml"
-  GENERATE_API_KEY="$(generate_simple_password 'omics')"
-fi

itcc/modules/itcc-omics-ingest.yaml

@@ -1,14 +0,0 @@
-services:
-  omics-endpoint:
-    image: ghcr.io/samply/itcc-omics-ingest:main
-    environment:
-      - API_KEY=${GENERATE_API_KEY}
-    volumes:
-      - /var/cache/bridgehead/omics/data:/data/uploads
-    labels:
-      - "traefik.http.routers.omics.rule=Host(`${HOST}`) && PathPrefix(`/api/omics`)"
-      - "traefik.enable=true"
-      - "traefik.http.services.omics.loadbalancer.server.port=6080"
-      - "traefik.http.routers.omics.tls=true"
-      - "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api"
-      - "traefik.http.routers.omics.middlewares=omics-stripprefix"

itcc/modules/lens-compose.yml

@@ -1,47 +1,33 @@
 version: "3.7"
 services:
-  itcc-explorer:
-    container_name: lens_itcc_explorer
-    image: samply/itcc-explorer:main
-    environment:
-      HOST: "0.0.0.0"
-      BIND_ADDR: "0.0.0.0:3000"
-      PUBLIC_ENVIRONMENT: ${PUBLIC_ENVIRONMENT}
+  landing:
+    container_name: lens_federated-search
+    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.itcc.rule=Host(`${HOST}`) && PathPrefix(`/`)"
-      - "traefik.http.routers.itcc.entrypoints=websecure"
-      - "traefik.http.services.itcc.loadbalancer.server.port=3000"
-      - "traefik.http.routers.itcc.tls=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+      - "traefik.http.routers.landing.tls=true"
 
   spot:
-    image: samply/rustyspot:latest
+    image: docker.verbis.dkfz.de/ccp-private/central-spot
     environment:
       BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_PROXY_URL: http://beam-proxy:8081
+      BEAM_URL: http://beam-proxy:8081
       BEAM_PROXY_ID: ${SITE_ID}
       BEAM_BROKER_ID: ${BROKER_ID}
-      BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
-      CORS_ORIGIN: "https://${HOST}"
-      SITES: ${SITES}
-      TRANSFORM: LENS
-      PROJECT: "itcc"
-      BIND_ADDR: 0.0.0.0:8055
+      BEAM_APP_ID: "focus"
+      PROJECT_METADATA: "itcc"
     depends_on:
       - "beam-proxy"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8055"
+      - "traefik.http.services.spot.loadbalancer.server.port=8080"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
       - "traefik.http.routers.spot.tls=true"
       - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
-
-  beam-proxy:
-    environment:
-      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}

itcc/vars

@@ -6,7 +6,6 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
-PUBLIC_ENVIRONMENT=prod
 
 for module in $PROJECT/modules/*.sh
 do

kr/docker-compose.yml

@@ -12,8 +12,7 @@ services:
       BASE_URL: "http://bridgehead-kr-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"

kr/modules/export-and-qb.curl-templates

@@ -0,0 +1,6 @@
+# Full Excel Export
+curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
+--header 'x-api-key: ${EXPORT_API_KEY}'
+
+# QB
+curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'

kr/modules/lens-compose.yml

@@ -4,41 +4,32 @@ services:
     deploy:
       replicas: 1 #reactivate if lens is in use
     container_name: lens_federated-search
-    image: docker.verbis.dkfz.de/ccp/kr-explorer:main
-    environment:
-      PUBLIC_SPOT_URL: https://${HOST}/prod
+    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
     labels:
-      - "traefik.http.services.lens.loadbalancer.server.port=3000"
       - "traefik.enable=true"
-      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
-      - "traefik.http.routers.lens.tls=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+      - "traefik.http.routers.landing.tls=true"
 
   spot:
-    image: samply/rustyspot:latest
+    image: docker.verbis.dkfz.de/ccp-private/central-spot
     environment:
       BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_PROXY_URL: http://beam-proxy:8081
-      BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
-      CORS_ORIGIN: "https://${HOST}"
-      SITES: ${SITES}
-      TRANSFORM: LENS
-      PROJECT: kr
-      BIND_ADDR: 0.0.0.0:8055
+      BEAM_URL: http://beam-proxy:8081
+      BEAM_PROXY_ID: ${SITE_ID}
+      BEAM_BROKER_ID: ${BROKER_ID}
+      BEAM_APP_ID: "focus"
+      PROJECT_METADATA: "kr_supervisors"
     depends_on:
       - "beam-proxy"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8055"
+      - "traefik.http.services.spot.loadbalancer.server.port=8080"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
       - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
-
-  beam-proxy:
-    environment:
-      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"

kr/modules/obds2fhir-rest-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   obds2fhir-rest:
     container_name: bridgehead-obds2fhir-rest
-    image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
+    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
     environment:
       IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
       MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

kr/vars

@@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
-SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de
+SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 

lib/functions.sh

@@ -9,15 +9,6 @@ detectCompose() {
 	fi
 }
 
-# Encodes all characters not in unrestricted character set of RFC3986 Section 2.3
-urlencode() {
-  for ((i=0;i<${#1};i++)); do
-    local c=${1:i:1}
-    [[ "$c" =~ [a-zA-Z0-9._~-] ]] && printf '%s' "$c" || printf '%%%02X' "'$c"
-  done
-  echo
-}
-
 setupProxy() {
 	### Note: As the current data protection concepts do not allow communication via HTTP,
 	### we are not setting a proxy for HTTP requests.
@@ -31,12 +22,9 @@ setupProxy() {
 		HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')"
 		HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
 		if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then
-			local ESCAPED_PASSWORD="$(echo $HTTPS_PROXY_PASSWORD | od -An -v -t x1 | sed -e 's/[[:space:]]//g' -e 's/\([0-9a-f][0-9a-f]\)/%\1/g' | tr -d '\n')"
-			local CURL_ESCAPED_PW="$(urlencode $HTTPS_PROXY_PASSWORD)"
 			local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e 's,^\(.*://\).*,\1,g')"
 			local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})"
-			HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$ESCAPED_PASSWORD@$fqdn)"
-			CURL_HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$CURL_ESCAPED_PW@$fqdn)"
+			HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)"
 			https="authenticated"
 		else
 			HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL
@@ -45,7 +33,7 @@ setupProxy() {
 	fi
 
 	log INFO "Configuring proxy servers: $http http proxy (we're not supporting unencrypted comms), $https https proxy"
-	export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL CURL_HTTPS_PROXY_FULL_URL
+	export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL
 }
 
 exitIfNotRoot() {

lib/monitoring.sh

@@ -47,8 +47,8 @@ function hc_send(){
 
     if [ -n "$2" ]; then
         MSG="$2\n\nDocker stats:\n$UPTIME"
-        echo -e "$MSG" | https_proxy=$CURL_HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
+        echo -e "$MSG" | https_proxy=$HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
     else
-        https_proxy=$CURL_HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
+        https_proxy=$HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
     fi
 }

lib/prerequisites.sh

@@ -71,7 +71,7 @@ source ${PROJECT}/vars
 
 if [ "${PROJECT}" != "minimal" ]; then
   set +e
-  SERVERTIME="$(https_proxy=$CURL_HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
+  SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
   RET=$?
   set -e
   if [ $RET -ne 0 ]; then

lib/tests/test_proxyparsing.sh

@@ -1,123 +0,0 @@
-source ../functions.sh
-
-test_setupProxy() {
-  # simple logger for tests
-  log() { :; }
-
-  local failures=0
-  local total=0
-
-  assert_eq() {
-    local label="$1" got="$2" expected="$3"
-    total=$((total + 1))
-    if [[ "$got" != "$expected" ]]; then
-      failures=$((failures + 1))
-      printf 'FAIL: %s\n  got:      %q\n  expected: %q\n\n' "$label" "$got" "$expected"
-    else
-      printf 'ok: %s\n' "$label"
-    fi
-  }
-
-  run_case() {
-    local name="$1"
-    local url="$2"
-    local u="$3"
-    local p="$4"
-    local exp_host="$5"
-    local exp_port="$6"
-    local exp_full="$7"
-
-    HTTPS_PROXY_URL="$url"
-    HTTPS_PROXY_USERNAME="$u"
-    HTTPS_PROXY_PASSWORD="$p"
-
-    setupProxy >/dev/null 2>&1
-
-    assert_eq "$name host" "$HTTPS_PROXY_HOST" "$exp_host"
-    assert_eq "$name port" "$HTTPS_PROXY_PORT" "$exp_port"
-    assert_eq "$name full" "$HTTPS_PROXY_FULL_URL" "$exp_full"
-  }
-
-  echo "Running setupProxy tests..."
-  echo
-
-  # 1) Basic https host:port
-  run_case "basic https" \
-    "https://proxy.example.org:8443" "" "" \
-    "proxy.example.org" "8443" \
-    "https://proxy.example.org:8443"
-
-  # 2) https without port -> default 443
-  run_case "https no port" \
-    "https://proxy.example.org" "" "" \
-    "proxy.example.org" "443" \
-    "https://proxy.example.org"
-
-  # 3) no scheme, host:port -> defaults scheme=https
-  run_case "no scheme hostport" \
-    "proxy.example.org:3128" "" "" \
-    "proxy.example.org" "3128" \
-    "https://proxy.example.org:3128"
-
-  # 4) URL with path/query/fragment
-  run_case "ignores path" \
-    "https://proxy.example.org:8443/some/path?x=1#y" "" "" \
-    "proxy.example.org" "8443" \
-    "https://proxy.example.org:8443"
-
-  # 5) explicit env creds inserted
-  run_case "env creds override" \
-    "https://proxy.example.org:8443" "alice" "secret" \
-    "proxy.example.org" "8443" \
-    "https://alice:secret@proxy.example.org:8443"
-
-  # 6) embedded creds used if env creds absent
-  run_case "embedded creds" \
-    "https://bob:pw@proxy.example.org:8443" "" "" \
-    "proxy.example.org" "8443" \
-    "https://bob:pw@proxy.example.org:8443"
-
-  # 7) env creds override embedded creds
-  run_case "env overrides embedded" \
-    "https://bob:pw@proxy.example.org:8443" "alice" "secret" \
-    "proxy.example.org" "8443" \
-    "https://alice:secret@proxy.example.org:8443"
-
-  # 8) IPv6 literal with port
-  run_case "ipv6 with port" \
-    "https://[2001:db8::1]:8080" "" "" \
-    "2001:db8::1" "8080" \
-    "https://[2001:db8::1]:8080"
-
-  # 9) IPv6 literal without port -> default 443
-  run_case "ipv6 no port" \
-    "https://[2001:db8::1]" "" "" \
-    "2001:db8::1" "443" \
-    "https://[2001:db8::1]"
-
-  # 10) http scheme rejected -> outputs empty
-  HTTPS_PROXY_URL="http://proxy.example.org:8080"
-  HTTPS_PROXY_USERNAME=""
-  HTTPS_PROXY_PASSWORD=""
-  setupProxy >/dev/null 2>&1
-  assert_eq "http rejected host" "${HTTPS_PROXY_HOST:-}" ""
-  assert_eq "http rejected port" "${HTTPS_PROXY_PORT:-}" ""
-  assert_eq "http rejected full" "${HTTPS_PROXY_FULL_URL:-}" ""
-
-  # 11) empty URL -> outputs empty but no failure
-  HTTPS_PROXY_URL=""
-  setupProxy >/dev/null 2>&1
-  assert_eq "empty url host" "${HTTPS_PROXY_HOST:-}" ""
-  assert_eq "empty url port" "${HTTPS_PROXY_PORT:-}" ""
-  assert_eq "empty url full" "${HTTPS_PROXY_FULL_URL:-}" ""
-
-  echo
-  echo "Tests complete: $((total - failures))/$total passed."
-  if (( failures > 0 )); then
-    echo "Some tests failed."
-    return 1
-  fi
-  return 0
-}
-
-test_setupProxy

minimal/docker-compose.yml

@@ -32,7 +32,7 @@ services:
 
   forward_proxy:
     container_name: bridgehead-forward-proxy
-    image: samply/bridgehead-forward-proxy:pr-16
+    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
     environment:
       HTTPS_PROXY: ${HTTPS_PROXY_URL}
       HTTPS_PROXY_USERNAME: ${HTTPS_PROXY_USERNAME}

pscc/modules/osiris2fhir-compose.yml

@@ -1,13 +0,0 @@
-services:
-  osiris2fhir:
-    container_name: bridgehead-osiris2fhir
-    image: docker.verbis.dkfz.de/ccp/osiris2fhir:${SITE_ID}
-    environment:
-      SALT: ${LOCAL_SALT}
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)"
-      - "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir"
-      - "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080"
-      - "traefik.http.routers.osiris2fhir.tls=true"
-      - "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth"

pscc/modules/osiris2fhir-setup.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
-  log INFO "oBDS2FHIR-REST setup detected -- will start osiris2fhir module."
-  OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
-  LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-fi