samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2026-04-01 01:00:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c504cddff0bcdf4ab1644bd75153c9368db5be57
bridgehead/ccp/modules/ovis-compose.yml
tm16-medma c504cddff0 Update OVIS frontend configuration in ovis-compose.yml 
Replaced the APP_DOMAIN variable with ORIGIN for improved clarity in the OVIS frontend service configuration. Additionally, removed the stripprefix middleware from the Traefik router setup to streamline routing and enhance service management.
2026-03-30 16:05:44 +02:00

105 lines
4.4 KiB
YAML
Raw Blame History

version: "3.7"
services:
ovis-traefik-forward-auth:
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
environment:
- http_proxy=http://forward_proxy:3128
- https_proxy=http://forward_proxy:3128
- OAUTH2_PROXY_PROVIDER=oidc
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
- OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_PRIVATE_URL}
- OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
- OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
- OAUTH2_PROXY_COOKIE_SECRET=${OVIS_AUTH_COOKIE_SECRET}
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_ovis
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
- OAUTH2_PROXY_COOKIE_REFRESH=4m
- OAUTH2_PROXY_COOKIE_EXPIRE=24h
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
- OAUTH2_PROXY_REVERSE_PROXY=true
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
- OAUTH2_PROXY_UPSTREAMS=static://202
- OAUTH2_PROXY_EMAIL_DOMAINS=*
- OAUTH2_PROXY_SCOPE=openid profile email
- OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
- OAUTH2_PROXY_SET_XAUTHREQUEST=true
- OAUTH2_PROXY_ALLOWED_GROUPS=${OIDC_USER_GROUP}
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
- OAUTH2_PROXY_PROXY_PREFIX=/oauth2-ovis
labels:
- "traefik.enable=true"
- "traefik.http.services.ovis-traefik-forward-auth.loadbalancer.server.port=4180"
- "traefik.http.routers.ovis-traefik-forward-auth.rule=Host(`${HOST}`) && PathPrefix(`/oauth2-ovis`)"
- "traefik.http.routers.ovis-traefik-forward-auth.tls=true"
- "traefik.http.middlewares.traefik-forward-auth-ovis.forwardauth.address=http://ovis-traefik-forward-auth:4180"
- "traefik.http.middlewares.traefik-forward-auth-ovis.forwardauth.authResponseHeaders=Authorization"
depends_on:
forward_proxy:
condition: service_healthy
ovis-backend-database-mongodb:
image: docker.verbis.dkfz.de/ovis/ovis-backend-mongodb:latest
container_name: bridgehead-ccp-ovis-mongo
ovis-backend-mongodb-data-preprocessing:
image: docker.verbis.dkfz.de/ovis/ovis-backend-preprocessor:latest
container_name: bridgehead-ccp-ovis-preprocessing
environment:
ADDRESS: mongodb://ovis-backend-database-mongodb:27017
depends_on:
- ovis-backend-database-mongodb
healthcheck:
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:9000/health', res => process.exit(res.statusCode===200?0:1)).on('error', () => process.exit(1));\""]
interval: 10s
timeout: 5s
retries: 6
start_period: 5s
ovis-backend-data-import:
image: docker.verbis.dkfz.de/ovis/ovis-backend-data-import-ccp:latest
container_name: bridgehead-ccp-ovis-import
depends_on:
ovis-backend-mongodb-data-preprocessing:
condition: service_healthy
environment:
FHIR_SERVER_URL: http://bridgehead-ccp-blaze:8080/fhir
ovis-backend-apollo:
image: docker.verbis.dkfz.de/ovis/ovis-backend-apollo:latest
container_name: bridgehead-ccp-ovis-backend
environment:
ADDRESS: mongodb://ovis-backend-database-mongodb:27017
depends_on:
- ovis-backend-database-mongodb
- ovis-backend-mongodb-data-preprocessing
- ovis-backend-data-import
healthcheck:
test: ["CMD-SHELL", "test -d /app/node_modules/mongodb"]
interval: 10s
timeout: 5s
retries: 5
# Internal only - no direct Traefik exposure. GraphQL is accessed via frontend internal proxy.
ovis-frontend:
image: docker.verbis.dkfz.de/ovis/ovis-frontend:latest
container_name: bridgehead-ccp-ovis-frontend
environment:
OVIS_PUBLIC_BASE_PATH: /ccp-ovis
PUBLIC_LOGIN_ENABLED: "false"
PUBLIC_OVIS_IMPORT: ccp
ORIGIN: https://${HOST}
depends_on:
ovis-backend-apollo:
condition: service_healthy
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.ovis-frontend-ccp-slash-redirect.redirectregex.regex=^https?://([^/]+)/ccp-ovis$"
- "traefik.http.middlewares.ovis-frontend-ccp-slash-redirect.redirectregex.replacement=https://$${1}/ccp-ovis/"
- "traefik.http.middlewares.ovis-frontend-ccp-slash-redirect.redirectregex.permanent=true"
- "traefik.http.routers.ovis-frontend-ccp.tls=true"
- "traefik.http.routers.ovis-frontend-ccp.rule=PathPrefix(`/ccp-ovis`)"
- "traefik.http.routers.ovis-frontend-ccp.middlewares=traefik-forward-auth-ovis,ovis-frontend-ccp-slash-redirect"
- "traefik.http.services.ovis-frontend-ccp.loadbalancer.server.port=5173"
Reference in New Issue View Git Blame Copy Permalink