mirror of
https://github.com/samply/bridgehead.git
synced 2025-11-04 16:30:18 +01:00
721627a78f
* feat: migrate to new dnpm:dip node * hardcode dnpm connector type to broker * use `SITE_NAME` for dnpm `LOCAL_SITE` * host central targets in git * dnpm: add goettingen to central targets * dnpm: add uksh to central targets * dnpm: replace named volumes with fs volumes * chore: change dnpm images * chore: pin mysql * dnpm: Secure endpoints for ETL and p2p communications (#254) * fix authup redirect (#262) When a OIDC provider is configured, you'll get redirected to authup by Keycloak which redirects you to the DNPM:DIP. Currently the url looks like this: https://myserver/authup//someurl and produces an error. Manually removing the additional / fixes the issue. * Whitespace formatting --------- Co-authored-by: Niklas <niklas@ytvwld.de> Co-authored-by: Niklas Reimer <niklas@backbord.net> Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com>
62 lines
2.3 KiB
YAML
62 lines
2.3 KiB
YAML
version: "3.7"
|
|
|
|
services:
|
|
traefik:
|
|
container_name: bridgehead-traefik
|
|
image: docker.verbis.dkfz.de/cache/traefik:latest
|
|
command:
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.websecure.address=:443
|
|
- --providers.docker=true
|
|
- --providers.docker.exposedbydefault=false
|
|
- --providers.file.directory=/configuration/
|
|
- --api.dashboard=false
|
|
- --accesslog=true
|
|
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
|
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.dashboard.rule=PathPrefix(`/dashboard/`)"
|
|
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
|
- "traefik.http.routers.dashboard.service=api@internal"
|
|
- "traefik.http.routers.dashboard.tls=true"
|
|
- "traefik.http.routers.dashboard.middlewares=auth"
|
|
- "traefik.http.middlewares.auth.basicauth.users=${LDM_AUTH}"
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
volumes:
|
|
- /etc/bridgehead/traefik-tls:/certs:ro
|
|
- ../lib/traefik-configuration/:/configuration:ro
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
|
|
forward_proxy:
|
|
container_name: bridgehead-forward-proxy
|
|
image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
|
|
environment:
|
|
HTTPS_PROXY: ${HTTPS_PROXY_URL}
|
|
HTTPS_PROXY_USERNAME: ${HTTPS_PROXY_USERNAME}
|
|
HTTPS_PROXY_PASSWORD: ${HTTPS_PROXY_PASSWORD}
|
|
tmpfs:
|
|
- /var/log/squid
|
|
- /var/spool/squid
|
|
volumes:
|
|
- /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
|
|
healthcheck:
|
|
# Wait 1s before marking this service healthy. Required for the oauth2-proxy to talk to the OIDC provider on startup which will fail if the forward proxy is not started yet.
|
|
test: ["CMD", "sleep", "1"]
|
|
|
|
landing:
|
|
container_name: bridgehead-landingpage
|
|
image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:main
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
|
- "traefik.http.services.landing.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.landing.tls=true"
|
|
environment:
|
|
HOST: ${HOST}
|
|
PROJECT: ${PROJECT}
|
|
SITE_NAME: ${SITE_NAME}
|
|
ENVIRONMENT: ${ENVIRONMENT}
|