mirror of
https://github.com/samply/bridgehead.git
synced 2025-06-16 16:10:14 +02:00
Compare commits
13 Commits
refactor/d
...
fix/kr-dea
| Author | SHA1 | Date | |
|---|---|---|---|
| 87d3e8ee53 | |||
| 354733f7ea | |||
| 1df50ffd6b | |||
| bdd195f264 | |||
| 647866f87a | |||
| 5611de5c33 | |||
| 8523c46414 | |||
| df433e9b06 | |||
| acb9a31823 | |||
| b590029e01 | |||
| 786a59f2f1 | |||
| eab022212f | |||
| 8c2ce8493c |
@ -121,38 +121,42 @@ services:
|
||||
oauth2-proxy:
|
||||
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
|
||||
container_name: bridgehead-oauth2proxy
|
||||
environment:
|
||||
- http_proxy=http://forward_proxy:3128
|
||||
- https_proxy=http://forward_proxy:3128
|
||||
- OAUTH2_PROXY_ALLOWED_GROUPS=DataSHIELD
|
||||
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
|
||||
- OAUTH2_PROXY_WHITELIST_DOMAIN=${HOST}
|
||||
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
|
||||
- OAUTH2_PROXY_REVERSE_PROXY=true
|
||||
- OAUTH2_PROXY_UPSTREAMS=static://202
|
||||
- OAUTH2_PROXY_EMAIL_DOMAINS=*
|
||||
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2
|
||||
- OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_EXPIRE=12h
|
||||
command: >-
|
||||
--allowed-group=DataSHIELD
|
||||
--oidc-groups-claim=${OIDC_GROUP_CLAIM}
|
||||
--auth-logging=true
|
||||
--whitelist-domain=${HOST}
|
||||
--http-address="0.0.0.0:4180"
|
||||
--reverse-proxy=true
|
||||
--upstream="static://202"
|
||||
--email-domain="*"
|
||||
--cookie-name="_BRIDGEHEAD_oauth2"
|
||||
--cookie-secret="${OAUTH2_PROXY_SECRET}"
|
||||
--cookie-expire="12h"
|
||||
--cookie-secure="true"
|
||||
--cookie-httponly="true"
|
||||
#OIDC settings
|
||||
- OAUTH2_PROXY_PROVIDER=keycloak-oidc
|
||||
- OAUTH2_PROXY_PROVIDER_DISPLAY_NAME="VerbIS Login"
|
||||
- OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
|
||||
- OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
|
||||
- OAUTH2_PROXY_REDIRECT_URL="https://${HOST}${OAUTH2_CALLBACK}"
|
||||
- OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_ISSUER_URL}
|
||||
- OAUTH2_PROXY_SCOPE=openid profile email
|
||||
- OAUTH2_PROXY_CODE_CHALLENGE_METHOD=true
|
||||
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
|
||||
--provider="keycloak-oidc"
|
||||
--provider-display-name="VerbIS Login"
|
||||
--client-id="${OIDC_PRIVATE_CLIENT_ID}"
|
||||
--client-secret="${OIDC_CLIENT_SECRET}"
|
||||
--redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
|
||||
--oidc-issuer-url="${OIDC_ISSUER_URL}"
|
||||
--scope="openid email profile"
|
||||
--code-challenge-method="S256"
|
||||
--skip-provider-button=true
|
||||
#X-Forwarded-Header settings - true/false depending on your needs
|
||||
- OAUTH2_PROXY_PASS_BASIC_AUTH=true
|
||||
- OAUTH2_PROXY_PASS_USER_HEADERS=false
|
||||
- OAUTH2_PROXY_ACCESS_TOKEN=false
|
||||
--pass-basic-auth=true
|
||||
--pass-user-headers=false
|
||||
--pass-access-token=false
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
|
||||
- "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`)"
|
||||
- "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
|
||||
- "traefik.http.routers.oauth2_proxy.tls=true"
|
||||
environment:
|
||||
http_proxy: "http://forward_proxy:3128"
|
||||
https_proxy: "http://forward_proxy:3128"
|
||||
depends_on:
|
||||
forward_proxy:
|
||||
condition: service_healthy
|
||||
|
||||
@ -19,18 +19,10 @@ services:
|
||||
- traefik-forward-auth
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
# Router with Authentication
|
||||
- "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)"
|
||||
- "traefik.http.services.id-manager.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.id-manager.tls=true"
|
||||
- "traefik.http.routers.id-manager.middlewares=traefik-forward-auth-idm"
|
||||
- "traefik.http.routers.id-manager.service=id-manager-service"
|
||||
# Router without Authentication
|
||||
- "traefik.http.routers.id-manager-compatibility.rule=PathPrefix(`/id-manager/paths/translator/getIds`)"
|
||||
- "traefik.http.routers.id-manager-compatibility.tls=true"
|
||||
- "traefik.http.routers.id-manager-compatibility.service=id-manager-service"
|
||||
# Definition of Service
|
||||
- "traefik.http.services.id-manager-service.loadbalancer.server.port=8080"
|
||||
- "traefik.http.services.id-manager-service.loadbalancer.server.scheme=http"
|
||||
|
||||
patientlist:
|
||||
image: docker.verbis.dkfz.de/bridgehead/mainzelliste
|
||||
@ -65,7 +57,7 @@ services:
|
||||
- "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
|
||||
|
||||
traefik-forward-auth:
|
||||
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
|
||||
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:v7.6.0
|
||||
environment:
|
||||
- http_proxy=http://forward_proxy:3128
|
||||
- https_proxy=http://forward_proxy:3128
|
||||
@ -75,7 +67,6 @@ services:
|
||||
- OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
|
||||
- OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
|
||||
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
|
||||
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
|
||||
- OAUTH2_PROXY_REVERSE_PROXY=true
|
||||
|
||||
@ -1,6 +1,10 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
landing:
|
||||
deploy:
|
||||
replicas: 0 #deactivate landing page
|
||||
|
||||
blaze:
|
||||
image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
|
||||
container_name: bridgehead-kr-blaze
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
version: "3.7"
|
||||
services:
|
||||
landing:
|
||||
deploy:
|
||||
replicas: 1 #reactivate if lens is in use
|
||||
container_name: lens_federated-search
|
||||
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
|
||||
labels:
|
||||
|
||||
Reference in New Issue
Block a user