Merge pull request #3 from samply/feature/bd28

WIP: Feature/bd28
patrickskowronekdkfz 2022-04-28 09:10:55 +02:00 committed by GitHub
commit 7b299bb338
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 48 additions and 11 deletions


@ -286,9 +286,8 @@ It is not recommended to use this script in production!
### Basic Auth ### Basic Auth
Some services we use authfication to protect the data. For example for local data managemnt like the blaze. use add_user.sh
The /auth direcotry contians for each project a file with user and password combination. If it is not present please create a file with just the project name. To add a combination use [htpasswdgenerator](https://htpasswdgenerator.de/) or use htpasswd on your maschine.
### HTTPS Access ### HTTPS Access


@ -6,23 +6,26 @@ services:
container_name: bridgehead-traefik container_name: bridgehead-traefik
image: traefik:2.4 image: traefik:2.4
command: command:
- --api.insecure=true
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
- --providers.docker=true - --providers.docker=true
- --providers.file.directory=/configuration/ - --api.dashboard=true
- --accesslog=true # print access-logs
- --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.scheme=https
- --providers.file.watch=true labels:
- "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}"
ports: ports:
- 80:80 - 80:80
- 443:443 - 443:443
- 8080:8080
volumes: volumes:
- ../certs:/tools/certs - ../certs:/tools/certs
- ../tools/traefik/:/configuration/
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- ../auth/:/auth
extra_hosts: extra_hosts:
- "host.docker.internal:host-gateway" - "host.docker.internal:host-gateway"
@ -62,12 +65,13 @@ services:
- "blaze-data:/app/data" - "blaze-data:/app/data"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/auth/dktk" - "traefik.http.middlewares.test-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)" - "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)"
- "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement" - "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement"
- "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080" - "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth" - "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth"
- "traefik.http.routers.blaze_dktk.tls=true" - "traefik.http.routers.blaze_dktk.tls=true"
dktk-connector: dktk-connector:
image: "samply/share-client:gbn-feature-environmentPreconfiguration" image: "samply/share-client:gbn-feature-environmentPreconfiguration"
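Review bot: Both basic-auth middlewares, `auth` on the dashboard router and `test-auth` on the Blaze router, take their users from `${bc_auth_users}`, and nothing visible in this section makes Compose stop when that variable is unset or empty. Compose would then substitute an empty string, and how Traefik treats a basicauth middleware with no users should be verified rather than assumed. The required-variable form fails fast at startup instead: `- "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users:?bc_auth_users must be set}"`, and likewise for `test-auth`. The dashboard rule also matches every path under `/api` on the websecure entrypoint, so a comment noting that backend routers must not reuse that prefix would help. The +/- markers are lost on this page, so I am reading the label lines that appear only once as the added side.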

29
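--- a/lib/add_bc_user.sh
+++ b/lib/add_bc_user.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -e
+echo "This script add's a user with password to the bridghead"
+if [ $# -eq 0 ]; then
+echo "No arguments provided, please provide the project name"
+exit 1
+fi
+if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then
+echo "Please create a Service first, with setup-bridgehead-units.sh"
+exit
+fi
+read -p 'Username: ' bc_user
+read -sp 'Password: ' bc_password
+echo
+bc=`docker run --rm -it httpd:latest htpasswd -nb $bc_user $bc_password`
+if grep -q -E "Environment=bc_auth_users=" /etc/systemd/system/bridgehead@$1.service.d/override.conf ; then
+x=`grep -E "Environment=bc_auth_users=" /etc/systemd/system/bridgehead@$1.service.d/override.conf`
+sed -i "/Environment=bc_auth_users=/c\\$x,$bc" /etc/systemd/system/bridgehead@$1.service.d/override.conf
+else
+echo "Environment=bc_auth_users=${bc}" >> /etc/systemd/system/bridgehead@$1.service.d/override.conf
+fi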
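Review bot: The password reaches htpasswd as a command-line argument in `htpasswd -nb $bc_user $bc_password`, so it is visible in the host's process list while the container starts, and the unquoted expansions split or glob on spaces and wildcard characters. Passing it on stdin and quoting avoids both: `bc=$(printf '%s' "$bc_password" | docker run --rm -i httpd:latest htpasswd -niB "$bc_user")`. Here `-B` selects bcrypt instead of htpasswd's default MD5-based scheme, and dropping `-t` keeps TTY carriage returns out of the value written to override.conf. The missing-unit branch ends with a bare `exit`, which returns the status of the preceding echo (0), so `exit 1` is needed for callers to see the failure. `$1` is also unquoted in every override.conf path, and `httpd:latest` is unpinned, so a fixed tag or digest would make the hashing tool reproducible.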


@ -70,11 +70,11 @@ cat > ./landing/index.html <<EOL
<tbody> <tbody>
<tr> <tr>
<td>Bridgehead</td> <td>Bridgehead</td>
<td>Reverse Proxy <a href="http://e260-serv-05:8080/">Traefik</a></td> <td>Reverse Proxy <a href="https://e260-serv-05/dashboard/">Traefik</a></td>
</tr> </tr>
<tr> <tr>
<td>DKTK</td> <td>DKTK</td>
<td><a href="http://e260-serv-05/dktk-localdatamanagement/fhir/">Blaze</a></td> <td><a href="https://e260-serv-05/dktk-localdatamanagement/fhir/">Blaze</a></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>


@ -1,6 +1,11 @@
#!/bin/bash #!/bin/bash
### Note: Currently not complete, needs some features before useable for production ### Note: Currently not complete, needs some features before useable for production
if [ $# -eq 0 ]; then
echo "No arguments provided"
exit 1
fi
source lib/functions.sh source lib/functions.sh
if ! lib/prerequisites.sh; then if ! lib/prerequisites.sh; then