commit
7b299bb338
|
@ -286,9 +286,8 @@ It is not recommended to use this script in production!
|
||||||
|
|
||||||
### Basic Auth
|
### Basic Auth
|
||||||
|
|
||||||
Some services we use authfication to protect the data. For example for local data managemnt like the blaze.
|
use add_user.sh
|
||||||
|
|
||||||
The /auth direcotry contians for each project a file with user and password combination. If it is not present please create a file with just the project name. To add a combination use [htpasswdgenerator](https://htpasswdgenerator.de/) or use htpasswd on your maschine.
|
|
||||||
|
|
||||||
### HTTPS Access
|
### HTTPS Access
|
||||||
|
|
||||||
|
|
|
@ -6,23 +6,26 @@ services:
|
||||||
container_name: bridgehead-traefik
|
container_name: bridgehead-traefik
|
||||||
image: traefik:2.4
|
image: traefik:2.4
|
||||||
command:
|
command:
|
||||||
- --api.insecure=true
|
|
||||||
- --entrypoints.web.address=:80
|
- --entrypoints.web.address=:80
|
||||||
- --entrypoints.websecure.address=:443
|
- --entrypoints.websecure.address=:443
|
||||||
- --providers.docker=true
|
- --providers.docker=true
|
||||||
- --providers.file.directory=/configuration/
|
- --api.dashboard=true
|
||||||
|
- --accesslog=true # print access-logs
|
||||||
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||||||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||||
- --providers.file.watch=true
|
labels:
|
||||||
|
- "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
||||||
|
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.dashboard.service=api@internal"
|
||||||
|
- "traefik.http.routers.dashboard.tls=true"
|
||||||
|
- "traefik.http.routers.dashboard.middlewares=auth"
|
||||||
|
- "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
- 8080:8080
|
|
||||||
volumes:
|
volumes:
|
||||||
- ../certs:/tools/certs
|
- ../certs:/tools/certs
|
||||||
- ../tools/traefik/:/configuration/
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- ../auth/:/auth
|
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- "host.docker.internal:host-gateway"
|
- "host.docker.internal:host-gateway"
|
||||||
|
|
||||||
|
@ -62,13 +65,14 @@ services:
|
||||||
- "blaze-data:/app/data"
|
- "blaze-data:/app/data"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/auth/dktk"
|
- "traefik.http.middlewares.test-auth.basicauth.users=${bc_auth_users}"
|
||||||
- "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)"
|
- "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)"
|
||||||
- "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement"
|
- "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement"
|
||||||
- "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080"
|
- "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth"
|
- "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth"
|
||||||
- "traefik.http.routers.blaze_dktk.tls=true"
|
- "traefik.http.routers.blaze_dktk.tls=true"
|
||||||
|
|
||||||
|
|
||||||
dktk-connector:
|
dktk-connector:
|
||||||
image: "samply/share-client:gbn-feature-environmentPreconfiguration"
|
image: "samply/share-client:gbn-feature-environmentPreconfiguration"
|
||||||
environment:
|
environment:
|
||||||
|
|
|
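Review bot: Both basic-auth middlewares, `auth` on the dashboard router and `test-auth` on `blaze_dktk`, are filled from the same `${bc_auth_users}`, so every account created for Blaze data access can also open the Traefik dashboard and API. A separate variable for the dashboard would keep the two audiences apart. If `bc_auth_users` is unset, Compose substitutes an empty string without failing, so I would make it mandatory on both labels, e.g. `- "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users:?bc_auth_users is not set}"`. The first hunk also appears to drop the file provider and the `/configuration/` mount while keeping `../certs:/tools/certs`. If the TLS certificate was declared in that directory, Traefik would fall back to its generated default certificate, which is worth confirming.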
@ -0,0 +1,29 @@
|
||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
echo "This script add's a user with password to the bridghead"
|
||||||
|
|
||||||
|
if [ $# -eq 0 ]; then
|
||||||
|
echo "No arguments provided, please provide the project name"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then
|
||||||
|
echo "Please create a Service first, with setup-bridgehead-units.sh"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
read -p 'Username: ' bc_user
|
||||||
|
read -sp 'Password: ' bc_password
|
||||||
|
|
||||||
|
echo
|
||||||
|
|
||||||
|
|
||||||
|
bc=`docker run --rm -it httpd:latest htpasswd -nb $bc_user $bc_password`
|
||||||
|
|
||||||
|
if grep -q -E "Environment=bc_auth_users=" /etc/systemd/system/bridgehead@$1.service.d/override.conf ; then
|
||||||
|
x=`grep -E "Environment=bc_auth_users=" /etc/systemd/system/bridgehead@$1.service.d/override.conf`
|
||||||
|
sed -i "/Environment=bc_auth_users=/c\\$x,$bc" /etc/systemd/system/bridgehead@$1.service.d/override.conf
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "Environment=bc_auth_users=${bc}" >> /etc/systemd/system/bridgehead@$1.service.d/override.conf
|
||||||
|
fi
|
|
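Review bot: The password reaches `htpasswd` as a command-line argument in `docker run --rm -it httpd:latest htpasswd -nb $bc_user $bc_password`, so it is visible in the process list while the container runs, and the unquoted expansions break on spaces or glob characters. Allocating a TTY with `-t` inside a command substitution can also leave carriage returns in the value that is then written to `override.conf`. I would pass the password on stdin and request bcrypt, `bc=$(printf '%s' "$bc_password" | docker run --rm -i httpd:latest htpasswd -niB "$bc_user" | tr -d '\r\n')`, and use `read -r` for both prompts. The missing-service branch ends with a bare `exit`, which returns status 0; `exit 1` would let callers detect the failure. `$1` goes into the `bridgehead@$1.service.d/override.conf` path unquoted and unchecked, so quoting it and rejecting values containing `/` or whitespace before the first file test would be a sensible guard.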
@ -70,11 +70,11 @@ cat > ./landing/index.html <<EOL
|
||||||
<tbody>
|
<tbody>
|
||||||
<tr>
|
<tr>
|
||||||
<td>Bridgehead</td>
|
<td>Bridgehead</td>
|
||||||
<td>Reverse Proxy <a href="http://e260-serv-05:8080/">Traefik</a></td>
|
<td>Reverse Proxy <a href="https://e260-serv-05/dashboard/">Traefik</a></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>DKTK</td>
|
<td>DKTK</td>
|
||||||
<td><a href="http://e260-serv-05/dktk-localdatamanagement/fhir/">Blaze</a></td>
|
<td><a href="https://e260-serv-05/dktk-localdatamanagement/fhir/">Blaze</a></td>
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
@ -1,6 +1,11 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
### Note: Currently not complete, needs some features before useable for production
|
### Note: Currently not complete, needs some features before useable for production
|
||||||
|
|
||||||
|
if [ $# -eq 0 ]; then
|
||||||
|
echo "No arguments provided"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
source lib/functions.sh
|
source lib/functions.sh
|
||||||
|
|
||||||
if ! lib/prerequisites.sh; then
|
if ! lib/prerequisites.sh; then
|
||||||
|
|
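Review bot: The new guard prints its error to stdout; `echo "No arguments provided" >&2` would keep diagnostics off stdout for anything that captures this script's output. The message also does not say which argument is expected, unlike the equivalent check added in add_user.sh in this commit. The rest of the script lies outside this hunk, so how `$1` is used after the check cannot be confirmed from here.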