[shibauth] update docker compose files for other collections

405f1e21 · Lubomir Dolezal · 69620bed · 405f1e21 · 405f1e21 · 405f1e21
Commit 405f1e21 authored 4 years ago by Lubomir Dolezal
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -28,40 +28,9 @@ services:
      - emg-extnet
      - dem-extnet
      - logging-extnet
-      - shib-extnet
    secrets:
      - BASIC_AUTH_USERS_APIAUTH
      - BASIC_AUTH_USERS_AUTH
-  shibauth:
-    image: testing-shibboleth
-    environment:
-      APACHE_SERVERNAME: "https://emg.pdas.prism.eox.at:443"
-    secrets:
-      - SHIB_CERT
-      - SHIB_KEY
-    deploy:
-      replicas: 1
-      placement:
-        constraints: [node.role == manager]
-      labels:
-        # router for basic auth based access (https)
-        - "traefik.http.routers.shibauth.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
-        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
-        - "traefik.http.routers.shibauth.tls=true"
-        - "traefik.http.routers.shibauth.tls.certresolver=default"
-        - "traefik.http.routers.shibauth.entrypoints=https"
-        # router for basic auth based access (http)
-        - "traefik.http.routers.shibauth-redirect.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
-        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
-        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
-        # general
-        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
-        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
-        - "traefik.docker.network=shib-extnet"
-        - "traefik.docker.lbswarm=true"
-        - "traefik.enable=true"
-    networks:
-      - shib-extnet
 volumes:
  traefik-data:
 networks:
@@ -73,13 +42,7 @@ networks:
    name: dem-extnet
  logging-extnet:
    name: logging-extnet
-  shib-extnet:
-    name: shib-extnet
 secrets:
-  SHIB_CERT:
-    external: true
-  SHIB_KEY:
-    external: true
  BASIC_AUTH_USERS_APIAUTH:
    external: true
  BASIC_AUTH_USERS_AUTH:

--- a/docker-compose.dem.ops.yml
+++ b/docker-compose.dem.ops.yml
@@ -165,7 +165,51 @@ services:
      placement:
        constraints:
          - node.labels.type == internal
+  shibauth:
+    image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://dem-secure.pass.copernicus.eu:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
+      - BASIC_AUTH_USERS_AUTH
+    deploy:
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`dem-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`dem-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=dem-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - dem-extnet
+    configs:
+      - source: access-control-conf
+        target: /etc/shibboleth/pass-ac.xml
 networks:
  extnet:
    name: dem-extnet
    external: true
+configs:
+  access-control-conf:
+    file: ./config/dem_pass-ac.xml
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
+  BASIC_AUTH_USERS_AUTH:
+    external: true
--- a/docker-compose.emg.ops.yml
+++ b/docker-compose.emg.ops.yml
@@ -155,7 +155,51 @@ services:
      placement:
        constraints:
          - node.labels.type == internal
+  shibauth:
+    image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://emg-secure.pass.copernicus.eu:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
+      - BASIC_AUTH_USERS_AUTH
+    deploy:
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`emg-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`emg-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=emg-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - emg-extnet
+    configs:
+      - source: access-control-conf
+        target: /etc/shibboleth/pass-ac.xml
 networks:
  extnet:
    name: emg-extnet
    external: true
+configs:
+  access-control-conf:
+    file: ./config/emg_pass-ac.xml
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
+  BASIC_AUTH_USERS_AUTH:
+    external: true
--- a/docker-compose.vhr18.ops.yml
+++ b/docker-compose.vhr18.ops.yml
@@ -165,7 +165,53 @@ services:
      placement:
        constraints:
          - node.labels.type == internal
+  shibauth:
+    image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://vhr18-secure.pass.copernicus.eu:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
+      - BASIC_AUTH_USERS_AUTH
+    deploy:
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=vhr18-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - vhr18-extnet
+    configs:
+      - source: access-control-conf
+        target: /etc/shibboleth/pass-ac.xml
 networks:
  extnet:
    name: vhr18-extnet
    external: true
+configs:
+  access-control-conf:
+    file: ./config/vhr18_pass-ac.xml
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
+  BASIC_AUTH_USERS_APIAUTH:
+    external: true
+  BASIC_AUTH_USERS_AUTH:
+    external: true