Added WIP spot and beam proxy

This commit is contained in:
Patrick Skowronek 2022-09-07 11:09:53 +02:00
parent 33ffecb3a2
commit 5c2c76e759
2 changed files with 28 additions and 29 deletions

View File

@ -7,7 +7,8 @@ services:
command: command:
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
- --providers.docker=true - --api.dashboard=true - --providers.docker=true
- --api.dashboard=true
- --accesslog=true # print access-logs - --accesslog=true # print access-logs
- --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.scheme=https
@ -51,7 +52,7 @@ services:
image: "samply/blaze:0.17" image: "samply/blaze:0.17"
container_name: bridgehead-ccp-blaze container_name: bridgehead-ccp-blaze
environment: environment:
BASE_URL: "http://blaze:8080" BASE_URL: "http://bridgehead-ccp-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx4g" JAVA_TOOL_OPTIONS: "-Xmx4g"
LOG_LEVEL: "debug" LOG_LEVEL: "debug"
ENFORCE_REFERENTIAL_INTEGRITY: "false" ENFORCE_REFERENTIAL_INTEGRITY: "false"
@ -66,33 +67,23 @@ services:
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true" - "traefik.http.routers.blaze_ccp.tls=true"
task-store: spot:
image: "samply/blaze:develop" image: "docker.verbis.dkfz.de/ccp-private/local-spot@sha256:9a80eeef29f08ecec947fc2df55a65424255e6d60105fee8ee0ef77db27af01c"
environment: environment:
BASE_URL: "http://localhost:8083" SECRET: ${SECRET}
JAVA_TOOL_OPTIONS: "-Xmx1g" APPID: ${APP_0_ID_SHORT}
LOG_LEVEL: "debug" PROXY_ID: ${PROXY_ID}
ports: LDM_URL: ${LDM_URL}
- "8083:8080" BEAM_PROXY: http://beam-proxy:8081
volumes: depends_on:
- "task-store-data:/app/data" - "beam-proxy"
- "blaze"
data-store: labels:
image: "samply/blaze:develop" - "traefik.enable=false"
environment:
BASE_URL: "http://localhost:8084"
JAVA_TOOL_OPTIONS: "-Xmx1g"
LOG_LEVEL: "debug"
ports:
- "8084:8080"
volumes:
- "data-store-data:/app/data"
# spot:
# image: "samply/spot"
beam-proxy: beam-proxy:
image: "samply/beam-proxy:develop" image: "samply/beam-proxy:develop"
container_name: bridgehead-beam-proxy
environment: environment:
BROKER_URL: ${BROKER_URL} BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID} PROXY_ID: ${PROXY_ID}
@ -101,17 +92,20 @@ services:
APP_1_ID: ${APP_1_ID_SHORT} APP_1_ID: ${APP_1_ID_SHORT}
APP_1_KEY: ${APP_1_KEY} APP_1_KEY: ${APP_1_KEY}
PRIVKEY_FILE: /run/secrets/proxy.pem PRIVKEY_FILE: /run/secrets/proxy.pem
http_proxy: http://bridgehead-forward-proxy:3128
https_proxy: http://bridgehead-forward-proxy:3128
secrets: secrets:
- proxy.pem - proxy.pem
labels:
- "traefik.enable=false"
depends_on:
- "forward_proxy"
volumes: volumes:
blaze-data: blaze-data:
bridgehead-proxy: bridgehead-proxy:
ccp-search-share-db-data:
task-store-data:
data-store-data:
secrets: secrets:
proxy.pem: proxy.pem:
file: ./pki/${PROXY_ID_SHORT}.priv.pem file: /etc/bridgehead/pki/${PROXY_ID_SHORT}.priv.pem

View File

@ -52,6 +52,11 @@ if [ ! -e "certs/traefik.crt" ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 3650 -subj "/CN=$HOST" openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 3650 -subj "/CN=$HOST"
fi fi
if [ ! -e "etc/bridgehead/pki/*.priv.pem" ]; then
log ERROR "Privaste certificsate for beam is missing"
exit 1
fi
if [ -e /etc/bridgehead/vault.conf ]; then if [ -e /etc/bridgehead/vault.conf ]; then
if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf." log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."