# Bridgehead stack: Traefik edge proxy, outbound forward proxy, landing page,
# Blaze FHIR store, Spot and the Beam proxy.
# Compose file format version; current Docker Compose releases treat this key
# as informational only.
version: "3.7"

services:
  # Edge reverse proxy. This is the only service in the file that publishes
  # host ports; it builds routes from container labels (Docker provider) and
  # from the files mounted at /configuration.
  traefik:
    container_name: bridgehead-traefik
    # NOTE(review): ":latest" is a mutable tag, so the image that runs can
    # change on any pull. Prefer a reviewed, pinned reference such as
    # traefik:<PINNED_TAG>@sha256:<DIGEST> (placeholders).
    image: docker.verbis.dkfz.de/cache/traefik:latest
    command:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker=true"
      # Containers are routed only if they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/configuration/"
      # api.insecure is not set, so the dashboard/API is reachable only
      # through the "dashboard" router declared in the labels below.
      - "--api.dashboard=true"
      - "--accesslog=true"
      # Everything arriving on plain HTTP is redirected to the HTTPS
      # entrypoint before any router is evaluated.
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.middlewares=auth"
      # Basic-auth middleware "auth"; the blaze_ccp router references it too.
      # The value is interpolated by Compose and stored as a container label,
      # so the credential entries are visible to anyone who can run
      # `docker inspect` on this host.
      # NOTE(review): if LDM_LOGIN is unset Compose substitutes an empty
      # string. Confirm how Traefik treats an empty user list, or fail early
      # with "${LDM_LOGIN:?LDM_LOGIN must be set}".
      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
    ports:
      # Quoted so the mappings are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      # Presumably the TLS certificate/key referenced from the file-provider
      # configuration (not visible here); mounted read-only.
      - "/etc/bridgehead/traefik-tls:/certs:ro"
      - "../lib/traefik-configuration/:/configuration:ro"
      # NOTE(review): ":ro" only protects the socket file itself; it does not
      # restrict Docker API calls made over the socket. A compromise of this
      # container therefore means control of the Docker daemon. Consider a
      # socket proxy that exposes only the read-only container endpoints.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  # Outbound proxy. beam-proxy is pointed at it via ALL_PROXY
  # (http://forward_proxy:3128). It publishes no host ports and carries no
  # Traefik labels.
  forward_proxy:
    container_name: bridgehead-forward-proxy
    # NOTE(review): mutable ":latest" tag; pin a reviewed tag or digest.
    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
    environment:
      HTTPS_PROXY: "${HTTPS_PROXY_URL}"
      # Upstream proxy credentials are passed as environment variables, which
      # are readable through `docker inspect` and from inside the container.
      # NOTE(review): if the image can read them from a file, a Compose
      # secret (as used for proxy.pem) would narrow that exposure — confirm.
      USERNAME: "${HTTPS_PROXY_USERNAME}"
      PASSWORD: "${HTTPS_PROXY_PASSWORD}"
    volumes:
      # Presumably extra CA certificates the proxy should trust. Anyone able
      # to write to this host directory can add a trusted CA, so keep it
      # writable by administrators only.
      - "/etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro"

  # Landing page served through Traefik at "/".
  landing:
    container_name: bridgehead-landingpage
    # NOTE(review): ":master" follows a branch and is mutable; pin a reviewed
    # tag or digest.
    image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
    labels:
      - "traefik.enable=true"
      # Catch-all rule with no auth middleware: this page is reachable by
      # anyone who can reach port 443. Traefik's default priority favours
      # longer rules, so the /api, /dashboard and /ccp-localdatamanagement
      # routers still take precedence over this one.
      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
      - "traefik.http.services.landing.loadbalancer.server.port=80"
      # No entrypoints label is set; tls=true limits the router to HTTPS
      # requests.
      - "traefik.http.routers.landing.tls=true"
    environment:
      HOST: "${HOST}"
      PROJECT: "${PROJECT}"
      SITE_NAME: "${SITE_NAME}"

  # Blaze FHIR server (spot reaches it at /fhir). It is exposed externally only
  # through the Traefik router below; containers on the Compose network reach
  # port 8080 directly over plain HTTP, without the "auth" middleware.
  blaze:
    # Version tag rather than a moving tag; a digest would pin the image
    # content as well.
    image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
    container_name: bridgehead-ccp-blaze
    environment:
      BASE_URL: "http://bridgehead-ccp-blaze:8080"
      # Caps the JVM heap at 4 GiB.
      JAVA_TOOL_OPTIONS: "-Xmx4g"
      # NOTE(review): debug logging on a data store may put request details
      # into the container logs. Confirm what Blaze logs at this level and
      # who can read the logs; consider "info" for production.
      LOG_LEVEL: "debug"
      # Quoted so the application receives the string "false".
      # NOTE(review): presumably lets Blaze accept resources whose references
      # do not resolve — confirm this is intended.
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      # Named volume declared at the bottom of the file.
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
      - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
      - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
      # Strip the path prefix, then require basic auth. The "auth" middleware
      # is defined in the traefik service's labels, so external access to the
      # FHIR API depends on that definition staying in place.
      - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
      - "traefik.http.routers.blaze_ccp.tls=true"

  # Spot: connects the local FHIR store (LDM_URL) with the Beam proxy
  # (BEAM_PROXY). It has no Traefik labels and no published ports, so Traefik
  # does not route to it (exposedbydefault=false).
  spot:
    # NOTE(review): mutable ":latest" tag; pin a reviewed tag or digest.
    image: docker.verbis.dkfz.de/cache/samply/spot:latest
    container_name: bridgehead-spot
    environment:
      # Passed as an environment variable, so it is readable through
      # `docker inspect`.
      # NOTE(review): beam-proxy registers app "spot" with
      # SPOT_BEAM_SECRET_SHORT while this service receives
      # SPOT_BEAM_SECRET_LONG; how the two relate is not visible here —
      # confirm they are meant to differ.
      SECRET: "${SPOT_BEAM_SECRET_LONG}"
      # Matches APP_0_ID in the beam-proxy service.
      APPID: "spot"
      PROXY_ID: "${PROXY_ID}"
      # Both upstreams are reached over plain HTTP inside the Compose network.
      LDM_URL: "http://bridgehead-ccp-blaze:8080/fhir"
      BEAM_PROXY: "http://beam-proxy:8081"
    # Short-form depends_on controls start order only; it does not wait for
    # the dependencies to be ready.
    depends_on:
      - "beam-proxy"
      - "blaze"

  # Beam proxy: connects the local apps (spot, report-hub) to the broker at
  # BROKER_URL, sending its outbound traffic through forward_proxy.
  beam-proxy:
    # NOTE(review): ":develop" follows a development branch and is mutable;
    # pin a reviewed tag or digest for production use.
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: "${BROKER_URL}"
      PROXY_ID: "${PROXY_ID}"
      # Per-app keys are passed as environment variables and are therefore
      # readable through `docker inspect`.
      APP_0_ID: "spot"
      APP_0_KEY: "${SPOT_BEAM_SECRET_SHORT}"
      APP_1_ID: "report-hub"
      APP_1_KEY: "${REPORTHUB_BEAM_SECRET_SHORT}"
      # The private key is supplied as a Compose secret (file under
      # /run/secrets) rather than through the environment.
      PRIVKEY_FILE: "/run/secrets/proxy.pem"
      ALL_PROXY: "http://forward_proxy:3128"
      TLS_CA_CERTIFICATES_DIR: "/conf/trusted-ca-certs"
      # NOTE(review): presumably the trust anchor used to validate the broker
      # and peers; the integrity of ./root.crt.pem on the host then decides
      # who is trusted — confirm and protect the file accordingly.
      ROOTCERT_FILE: "/conf/root.crt.pem"
    secrets:
      - "proxy.pem"
    # Start-order dependency only; readiness is not awaited.
    depends_on:
      - "forward_proxy"
    volumes:
      - "/etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro"
      - "./root.crt.pem:/conf/root.crt.pem:ro"


# Named volumes. blaze-data holds the blaze service's /app/data directory; it
# uses the default driver, so the data lives in Docker's volume storage on
# this host.
volumes:
  blaze-data:

# File-backed secret consumed by beam-proxy as /run/secrets/proxy.pem.
secrets:
  proxy.pem:
    # Site private key read from the host. Outside Swarm mode a file secret
    # is mounted from this path, so the host file's ownership and mode are
    # what protect the key — keep it readable only by the account that needs
    # it.
    # NOTE(review): if SITE_ID is unset the path becomes
    # /etc/bridgehead/pki/.priv.pem; confirm the start-up script always sets
    # it.
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem