From 18593d8227fdcdef18e08d2f60e0b3b32ba1c8a0 Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubojr@seznam.cz>
Date: Mon, 25 Jan 2021 01:57:25 +0100
Subject: [PATCH] update traefik configs

---
 docker-compose.emg.ops.yml     |  9 +++++----
 docker-compose.emg.staging.yml | 11 ++++++-----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/docker-compose.emg.ops.yml b/docker-compose.emg.ops.yml
index 53d28fdd..f6876d21 100644
--- a/docker-compose.emg.ops.yml
+++ b/docker-compose.emg.ops.yml
@@ -84,14 +84,15 @@ services:
         - "traefik.http.routers.emg-cache-redirect-shib.middlewares=redirect@file"
         - "traefik.http.routers.emg-cache-redirect-shib.entrypoints=http"
         # router for internal proxy based access (https)
-        - "traefik.http.routers.emg-cache-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth)`)"
-        - "traefik.http.routers.emg-cache-proxy.middlewares=emg-pass-whitelist,compress@file,cors@file"
+        - "traefik.http.middlewares.emg-pass-whitelist-cache.ipwhitelist.sourcerange=<insert-proxy-url>"
+        - "traefik.http.routers.emg-cache-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth)`)"
+        - "traefik.http.routers.emg-cache-proxy.middlewares=emg-pass-whitelist-cache,compress@file,cors@file"
         - "traefik.http.routers.emg-cache-proxy.tls=true"
         - "traefik.http.routers.emg-cache-proxy.tls.certresolver=default"
         - "traefik.http.routers.emg-cache-proxy.entrypoints=https"
         # router for internal proxy based access (http)
-        - "traefik.http.routers.emg-cache-redirect-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth)`)"
-        - "traefik.http.routers.emg-cache-redirect-proxy.middlewares=emg-pass-whitelist,redirect@file"
+        - "traefik.http.routers.emg-cache-redirect-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth)`)"
+        - "traefik.http.routers.emg-cache-redirect-proxy.middlewares=emg-pass-whitelist-cache,redirect@file"
         - "traefik.http.routers.emg-cache-redirect-proxy.entrypoints=http"
         # router for basic auth based access (https)
         - "traefik.http.routers.emg-cache.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
diff --git a/docker-compose.emg.staging.yml b/docker-compose.emg.staging.yml
index a6c00f00..c63a245d 100644
--- a/docker-compose.emg.staging.yml
+++ b/docker-compose.emg.staging.yml
@@ -24,7 +24,7 @@ services:
         - "traefik.http.routers.emg-renderer-redirect-shib.middlewares=redirect@file"
         - "traefik.http.routers.emg-renderer-redirect-shib.entrypoints=http"
         # router for internal proxy based access (https)
-        - "traefik.http.middlewares.emg-pass-whitelist.ipwhitelist.sourcerange=<insert-proxy-url>"
+        - "traefik.http.middlewares.emg-pass-whitelist.ipwhitelist.sourcerange=178.248.89.10"
         - "traefik.http.routers.emg-renderer-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth|CDS Operations)`)"
         - "traefik.http.routers.emg-renderer-proxy.middlewares=emg-pass-whitelist,compress@file,cors@file"
         - "traefik.http.routers.emg-renderer-proxy.tls=true"
@@ -80,14 +80,15 @@ services:
         - "traefik.http.routers.emg-cache-redirect-shib.middlewares=redirect@file"
         - "traefik.http.routers.emg-cache-redirect-shib.entrypoints=http"
         # router for internal proxy based access (https)
-        - "traefik.http.routers.emg-cache-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth|CDS Operations)`)"
-        - "traefik.http.routers.emg-cache-proxy.middlewares=emg-pass-whitelist,compress@file,cors@file"
+        - "traefik.http.middlewares.emg-pass-whitelist-cache.ipwhitelist.sourcerange=178.248.89.10"
+        - "traefik.http.routers.emg-cache-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth|CDS Operations)`)"
+        - "traefik.http.routers.emg-cache-proxy.middlewares=emg-pass-whitelist-cache,compress@file,cors@file"
         - "traefik.http.routers.emg-cache-proxy.tls=true"
         - "traefik.http.routers.emg-cache-proxy.tls.certresolver=default"
         - "traefik.http.routers.emg-cache-proxy.entrypoints=https"
         # router for internal proxy based access (http)
-        - "traefik.http.routers.emg-cache-redirect-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth|CDS Operations)`)"
-        - "traefik.http.routers.emg-cache-redirect-proxy.middlewares=emg-pass-whitelist,redirect@file"
+        - "traefik.http.routers.emg-cache-redirect-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`HTTP_Oa-User-Category`,`(Copernicus_Services|Union_Inst|Union_Research_Projects_space|Union_Research_Projects_non-space|Public_Auth|CDS Operations)`)"
+        - "traefik.http.routers.emg-cache-redirect-proxy.middlewares=emg-pass-whitelist-cache,redirect@file"
         - "traefik.http.routers.emg-cache-redirect-proxy.entrypoints=http"
         # router for basic auth based access (https)
         - "traefik.http.routers.emg-cache.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
-- 
GitLab