EOX GitLab Instance

Skip to content
Snippets Groups Projects
Commit 3f73c735 authored by Fabian Schindler's avatar Fabian Schindler
Browse files

Fixing auth forwarding 

using correct labels
Setup of middleware in traefik-dynamic.yml
parent d37d1818
No related branches found
No related tags found
2 merge requests!36Staging to master to prepare 1.0.0 release,!34Shib auth
Hide whitespace changes
Inline Side-by-side
docker-compose.dem.ops.yml
+ 3
15
View file @ 3f73c735
...@@ -14,7 +14,7 @@ services: ...@@ -14,7 +14,7 @@ services:
labels: labels:
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.dem-renderer.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)" - "traefik.http.routers.dem-renderer.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer.middlewares=auth@file,compress@file,cors@file" - "traefik.http.routers.dem-renderer.middlewares=auth@file,compress@file,cors@file,shibAuth@file"
- "traefik.http.routers.dem-renderer.tls=true" - "traefik.http.routers.dem-renderer.tls=true"
- "traefik.http.routers.dem-renderer.tls.certresolver=default" - "traefik.http.routers.dem-renderer.tls.certresolver=default"
- "traefik.http.routers.dem-renderer.entrypoints=https" - "traefik.http.routers.dem-renderer.entrypoints=https"
...@@ -32,10 +32,6 @@ services: ...@@ -32,10 +32,6 @@ services:
- "traefik.http.routers.dem-renderer_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)" - "traefik.http.routers.dem-renderer_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-renderer_referer-redirect.middlewares=redirect@file" - "traefik.http.routers.dem-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-renderer_referer-redirect.entrypoints=http" - "traefik.http.routers.dem-renderer_referer-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.dem-renderer.loadbalancer.sticky=false" - "traefik.http.services.dem-renderer.loadbalancer.sticky=false"
- "traefik.http.services.dem-renderer.loadbalancer.server.port=80" - "traefik.http.services.dem-renderer.loadbalancer.server.port=80"
...@@ -60,7 +56,7 @@ services: ...@@ -60,7 +56,7 @@ services:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache" - "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.dem-cache.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`)" - "traefik.http.routers.dem-cache.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file" - "traefik.http.routers.dem-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file,shibAuth@file"
- "traefik.http.routers.dem-cache.tls=true" - "traefik.http.routers.dem-cache.tls=true"
- "traefik.http.routers.dem-cache.tls.certresolver=default" - "traefik.http.routers.dem-cache.tls.certresolver=default"
- "traefik.http.routers.dem-cache.entrypoints=https" - "traefik.http.routers.dem-cache.entrypoints=https"
...@@ -78,10 +74,6 @@ services: ...@@ -78,10 +74,6 @@ services:
- "traefik.http.routers.dem-cache_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)" - "traefik.http.routers.dem-cache_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-cache_referer-redirect.middlewares=redirect@file" - "traefik.http.routers.dem-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-cache_referer-redirect.entrypoints=http" - "traefik.http.routers.dem-cache_referer-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.dem-cache.loadbalancer.sticky=false" - "traefik.http.services.dem-cache.loadbalancer.sticky=false"
- "traefik.http.services.dem-cache.loadbalancer.server.port=80" - "traefik.http.services.dem-cache.loadbalancer.server.port=80"
...@@ -114,7 +106,7 @@ services: ...@@ -114,7 +106,7 @@ services:
labels: labels:
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.dem-client.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)" - "traefik.http.routers.dem-client.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client.middlewares=auth@file,compress@file" - "traefik.http.routers.dem-client.middlewares=auth@file,compress@file,shibAuth@file"
- "traefik.http.routers.dem-client.tls=true" - "traefik.http.routers.dem-client.tls=true"
- "traefik.http.routers.dem-client.tls.certresolver=default" - "traefik.http.routers.dem-client.tls.certresolver=default"
- "traefik.http.routers.dem-client.entrypoints=https" - "traefik.http.routers.dem-client.entrypoints=https"
...@@ -122,10 +114,6 @@ services: ...@@ -122,10 +114,6 @@ services:
- "traefik.http.routers.dem-client-redirect.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)" - "traefik.http.routers.dem-client-redirect.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client-redirect.middlewares=redirect@file" - "traefik.http.routers.dem-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-client-redirect.entrypoints=http" - "traefik.http.routers.dem-client-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.dem-client.loadbalancer.sticky=false" - "traefik.http.services.dem-client.loadbalancer.sticky=false"
- "traefik.http.services.dem-client.loadbalancer.server.port=80" - "traefik.http.services.dem-client.loadbalancer.server.port=80"
......
docker-compose.emg.ops.yml
+ 3
15
View file @ 3f73c735
...@@ -14,7 +14,7 @@ services: ...@@ -14,7 +14,7 @@ services:
labels: labels:
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.emg-renderer.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)" - "traefik.http.routers.emg-renderer.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.emg-renderer.middlewares=auth@file,compress@file,cors@file" - "traefik.http.routers.emg-renderer.middlewares=auth@file,compress@file,cors@file,shibAuth@file"
- "traefik.http.routers.emg-renderer.tls=true" - "traefik.http.routers.emg-renderer.tls=true"
- "traefik.http.routers.emg-renderer.tls.certresolver=default" - "traefik.http.routers.emg-renderer.tls.certresolver=default"
- "traefik.http.routers.emg-renderer.entrypoints=https" - "traefik.http.routers.emg-renderer.entrypoints=https"
...@@ -32,10 +32,6 @@ services: ...@@ -32,10 +32,6 @@ services:
- "traefik.http.routers.emg-renderer_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)" - "traefik.http.routers.emg-renderer_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-renderer_referer-redirect.middlewares=redirect@file" - "traefik.http.routers.emg-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-renderer_referer-redirect.entrypoints=http" - "traefik.http.routers.emg-renderer_referer-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.emg-renderer.loadbalancer.sticky=false" - "traefik.http.services.emg-renderer.loadbalancer.sticky=false"
- "traefik.http.services.emg-renderer.loadbalancer.server.port=80" - "traefik.http.services.emg-renderer.loadbalancer.server.port=80"
...@@ -60,7 +56,7 @@ services: ...@@ -60,7 +56,7 @@ services:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache" - "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.emg-cache.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`)" - "traefik.http.routers.emg-cache.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.emg-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file" - "traefik.http.routers.emg-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file,shibAuth@file"
- "traefik.http.routers.emg-cache.tls=true" - "traefik.http.routers.emg-cache.tls=true"
- "traefik.http.routers.emg-cache.tls.certresolver=default" - "traefik.http.routers.emg-cache.tls.certresolver=default"
- "traefik.http.routers.emg-cache.entrypoints=https" - "traefik.http.routers.emg-cache.entrypoints=https"
...@@ -78,10 +74,6 @@ services: ...@@ -78,10 +74,6 @@ services:
- "traefik.http.routers.emg-cache_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)" - "traefik.http.routers.emg-cache_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-cache_referer-redirect.middlewares=redirect@file" - "traefik.http.routers.emg-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-cache_referer-redirect.entrypoints=http" - "traefik.http.routers.emg-cache_referer-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.emg-cache.loadbalancer.sticky=false" - "traefik.http.services.emg-cache.loadbalancer.sticky=false"
- "traefik.http.services.emg-cache.loadbalancer.server.port=80" - "traefik.http.services.emg-cache.loadbalancer.server.port=80"
...@@ -114,7 +106,7 @@ services: ...@@ -114,7 +106,7 @@ services:
labels: labels:
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.emg-client.rule=Host(`emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`)" - "traefik.http.routers.emg-client.rule=Host(`emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`)"
- "traefik.http.routers.emg-client.middlewares=auth@file,compress@file" - "traefik.http.routers.emg-client.middlewares=auth@file,compress@file,shibAuth@file"
- "traefik.http.routers.emg-client.tls=true" - "traefik.http.routers.emg-client.tls=true"
- "traefik.http.routers.emg-client.tls.certresolver=default" - "traefik.http.routers.emg-client.tls.certresolver=default"
- "traefik.http.routers.emg-client.entrypoints=https" - "traefik.http.routers.emg-client.entrypoints=https"
...@@ -122,10 +114,6 @@ services: ...@@ -122,10 +114,6 @@ services:
- "traefik.http.routers.emg-client-redirect.rule=Host(`emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`)" - "traefik.http.routers.emg-client-redirect.rule=Host(`emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`)"
- "traefik.http.routers.emg-client-redirect.middlewares=redirect@file" - "traefik.http.routers.emg-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-client-redirect.entrypoints=http" - "traefik.http.routers.emg-client-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.emg-client.loadbalancer.sticky=false" - "traefik.http.services.emg-client.loadbalancer.sticky=false"
- "traefik.http.services.emg-client.loadbalancer.server.port=80" - "traefik.http.services.emg-client.loadbalancer.server.port=80"
......
docker-compose.vhr18.ops.yml
+ 3
15
View file @ 3f73c735
...@@ -15,7 +15,7 @@ services: ...@@ -15,7 +15,7 @@ services:
labels: labels:
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.vhr18-renderer.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)" - "traefik.http.routers.vhr18-renderer.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer.middlewares=auth@file,compress@file,cors@file" - "traefik.http.routers.vhr18-renderer.middlewares=auth@file,compress@file,cors@file,shibAuth@file"
- "traefik.http.routers.vhr18-renderer.tls=true" - "traefik.http.routers.vhr18-renderer.tls=true"
- "traefik.http.routers.vhr18-renderer.tls.certresolver=default" - "traefik.http.routers.vhr18-renderer.tls.certresolver=default"
- "traefik.http.routers.vhr18-renderer.entrypoints=https" - "traefik.http.routers.vhr18-renderer.entrypoints=https"
...@@ -33,10 +33,6 @@ services: ...@@ -33,10 +33,6 @@ services:
- "traefik.http.routers.vhr18-renderer_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)" - "traefik.http.routers.vhr18-renderer_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-renderer_referer-redirect.middlewares=redirect@file" - "traefik.http.routers.vhr18-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-renderer_referer-redirect.entrypoints=http" - "traefik.http.routers.vhr18-renderer_referer-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.vhr18-renderer.loadbalancer.sticky=false" - "traefik.http.services.vhr18-renderer.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-renderer.loadbalancer.server.port=80" - "traefik.http.services.vhr18-renderer.loadbalancer.server.port=80"
...@@ -60,7 +56,7 @@ services: ...@@ -60,7 +56,7 @@ services:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache" - "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.vhr18-cache.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)" - "traefik.http.routers.vhr18-cache.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file" - "traefik.http.routers.vhr18-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file,shibAuth@file"
- "traefik.http.routers.vhr18-cache.tls=true" - "traefik.http.routers.vhr18-cache.tls=true"
- "traefik.http.routers.vhr18-cache.tls.certresolver=default" - "traefik.http.routers.vhr18-cache.tls.certresolver=default"
- "traefik.http.routers.vhr18-cache.entrypoints=https" - "traefik.http.routers.vhr18-cache.entrypoints=https"
...@@ -78,10 +74,6 @@ services: ...@@ -78,10 +74,6 @@ services:
- "traefik.http.routers.vhr18-cache_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)" - "traefik.http.routers.vhr18-cache_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-cache_referer-redirect.middlewares=redirect@file" - "traefik.http.routers.vhr18-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-cache_referer-redirect.entrypoints=http" - "traefik.http.routers.vhr18-cache_referer-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.vhr18-cache.loadbalancer.sticky=false" - "traefik.http.services.vhr18-cache.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-cache.loadbalancer.server.port=80" - "traefik.http.services.vhr18-cache.loadbalancer.server.port=80"
...@@ -114,7 +106,7 @@ services: ...@@ -114,7 +106,7 @@ services:
labels: labels:
# router for basic auth based access (https) # router for basic auth based access (https)
- "traefik.http.routers.vhr18-client.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)" - "traefik.http.routers.vhr18-client.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client.middlewares=auth@file,compress@file" - "traefik.http.routers.vhr18-client.middlewares=auth@file,compress@file,shibAuth@file"
- "traefik.http.routers.vhr18-client.tls=true" - "traefik.http.routers.vhr18-client.tls=true"
- "traefik.http.routers.vhr18-client.tls.certresolver=default" - "traefik.http.routers.vhr18-client.tls.certresolver=default"
- "traefik.http.routers.vhr18-client.entrypoints=https" - "traefik.http.routers.vhr18-client.entrypoints=https"
...@@ -122,10 +114,6 @@ services: ...@@ -122,10 +114,6 @@ services:
- "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)" - "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client-redirect.middlewares=redirect@file" - "traefik.http.routers.vhr18-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-client-redirect.entrypoints=http" - "traefik.http.routers.vhr18-client-redirect.entrypoints=http"
# Auth forwarding
- "traefik.frontend.auth.forward.address=http://auth/auth"
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
# general # general
- "traefik.http.services.vhr18-client.loadbalancer.sticky=false" - "traefik.http.services.vhr18-client.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-client.loadbalancer.server.port=80" - "traefik.http.services.vhr18-client.loadbalancer.server.port=80"
......
traefik-dynamic.yml
+ 4
0
View file @ 3f73c735
...@@ -20,6 +20,10 @@ http: ...@@ -20,6 +20,10 @@ http:
realm: "PRISM View Server (PVS)" realm: "PRISM View Server (PVS)"
users: users:
- "***REMOVED***" - "***REMOVED***"
shibAuth:
forwardAuth:
address: http://auth/auth
trustForwardHeader: true
compress: compress:
compress: {} compress: {}
redirect: redirect:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment