Added WIP spot and beam proxy

This commit is contained in:
Patrick Skowronek 2022-09-07 11:09:53 +02:00
parent 33ffecb3a2
commit 5c2c76e759
2 changed files with 28 additions and 29 deletions

View File

@ -7,7 +7,8 @@ services:
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true - --api.dashboard=true
- --providers.docker=true
- --api.dashboard=true
- --accesslog=true # print access-logs
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
@ -51,7 +52,7 @@ services:
image: "samply/blaze:0.17"
container_name: bridgehead-ccp-blaze
environment:
BASE_URL: "http://blaze:8080"
BASE_URL: "http://bridgehead-ccp-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx4g"
LOG_LEVEL: "debug"
ENFORCE_REFERENTIAL_INTEGRITY: "false"
@ -66,33 +67,23 @@ services:
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true"
task-store:
image: "samply/blaze:develop"
spot:
image: "docker.verbis.dkfz.de/ccp-private/local-spot@sha256:9a80eeef29f08ecec947fc2df55a65424255e6d60105fee8ee0ef77db27af01c"
environment:
BASE_URL: "http://localhost:8083"
JAVA_TOOL_OPTIONS: "-Xmx1g"
LOG_LEVEL: "debug"
ports:
- "8083:8080"
volumes:
- "task-store-data:/app/data"
data-store:
image: "samply/blaze:develop"
environment:
BASE_URL: "http://localhost:8084"
JAVA_TOOL_OPTIONS: "-Xmx1g"
LOG_LEVEL: "debug"
ports:
- "8084:8080"
volumes:
- "data-store-data:/app/data"
# spot:
# image: "samply/spot"
SECRET: ${SECRET}
APPID: ${APP_0_ID_SHORT}
PROXY_ID: ${PROXY_ID}
LDM_URL: ${LDM_URL}
BEAM_PROXY: http://beam-proxy:8081
depends_on:
- "beam-proxy"
- "blaze"
labels:
- "traefik.enable=false"
beam-proxy:
image: "samply/beam-proxy:develop"
container_name: bridgehead-beam-proxy
environment:
BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID}
@ -101,17 +92,20 @@ services:
APP_1_ID: ${APP_1_ID_SHORT}
APP_1_KEY: ${APP_1_KEY}
PRIVKEY_FILE: /run/secrets/proxy.pem
http_proxy: http://bridgehead-forward-proxy:3128
https_proxy: http://bridgehead-forward-proxy:3128
secrets:
- proxy.pem
labels:
- "traefik.enable=false"
depends_on:
- "forward_proxy"
volumes:
blaze-data:
bridgehead-proxy:
ccp-search-share-db-data:
task-store-data:
data-store-data:
secrets:
proxy.pem:
file: ./pki/${PROXY_ID_SHORT}.priv.pem
file: /etc/bridgehead/pki/${PROXY_ID_SHORT}.priv.pem

View File

@ -52,6 +52,11 @@ if [ ! -e "certs/traefik.crt" ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 3650 -subj "/CN=$HOST"
fi
if [ ! -e "etc/bridgehead/pki/*.priv.pem" ]; then
log ERROR "Privaste certificsate for beam is missing"
exit 1
fi
if [ -e /etc/bridgehead/vault.conf ]; then
if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."