diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index d4a0eb35ce705eaab4a3bfcab36955f439eebb37..002a236d8c848041cf0e129a3d9fec4b5466d2d1 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -28,40 +28,9 @@ services:
 - emg-extnet
 - dem-extnet
 - logging-extnet
- - shib-extnet
 secrets:
 - BASIC_AUTH_USERS_APIAUTH
 - BASIC_AUTH_USERS_AUTH
- shibauth:
- image: testing-shibboleth
- environment:
- APACHE_SERVERNAME: "https://emg.pdas.prism.eox.at:443"
- secrets:
- - SHIB_CERT
- - SHIB_KEY
- deploy:
- replicas: 1
- placement:
- constraints: [node.role == manager]
- labels:
- # router for basic auth based access (https)
- - "traefik.http.routers.shibauth.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
- - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
- - "traefik.http.routers.shibauth.tls=true"
- - "traefik.http.routers.shibauth.tls.certresolver=default"
- - "traefik.http.routers.shibauth.entrypoints=https"
- # router for basic auth based access (http)
- - "traefik.http.routers.shibauth-redirect.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
- - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
- - "traefik.http.routers.shibauth-redirect.entrypoints=http"
- # general
- - "traefik.http.services.shibauth.loadbalancer.sticky=false"
- - "traefik.http.services.shibauth.loadbalancer.server.port=80"
- - "traefik.docker.network=shib-extnet"
- - "traefik.docker.lbswarm=true"
- - "traefik.enable=true"
- networks:
- - shib-extnet
 volumes:
 traefik-data:
 networks:
@@ -73,13 +42,7 @@ networks:
 name: dem-extnet
 logging-extnet:
 name: logging-extnet
- shib-extnet:
- name: shib-extnet
 secrets:
- SHIB_CERT:
- external: true
- SHIB_KEY:
- external: true
 BASIC_AUTH_USERS_APIAUTH:
 external: true
 BASIC_AUTH_USERS_AUTH:
diff --git a/docker-compose.dem.ops.yml b/docker-compose.dem.ops.yml
index cb1223d87281dd9954939bfdc845546d63d167a5..72615fcadf36586ce6d408c77bc59c0c14af16ad 100644
--- a/docker-compose.dem.ops.yml
+++ b/docker-compose.dem.ops.yml
@@ -165,7 +165,51 @@ services:
 placement:
 constraints:
 - node.labels.type == internal
+ shibauth:
+ image: testing-shibboleth
+ environment:
+ APACHE_SERVERNAME: "https://dem-secure.pass.copernicus.eu:443"
+ secrets:
+ - SHIB_CERT
+ - SHIB_KEY
+ - BASIC_AUTH_USERS_AUTH
+ deploy:
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ labels:
+ # router for basic auth based access (https)
+ - "traefik.http.routers.shibauth.rule=Host(`dem-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+ - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.shibauth.tls=true"
+ - "traefik.http.routers.shibauth.tls.certresolver=default"
+ - "traefik.http.routers.shibauth.entrypoints=https"
+ # router for basic auth based access (http)
+ - "traefik.http.routers.shibauth-redirect.rule=Host(`dem-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+ - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+ # general
+ - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+ - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+ - "traefik.docker.network=dem-extnet"
+ - "traefik.docker.lbswarm=true"
+ - "traefik.enable=true"
+ networks:
+ - dem-extnet
+ configs:
+ - source: access-control-conf
+ target: /etc/shibboleth/pass-ac.xml
 networks:
 extnet:
 name: dem-extnet
 external: true
+configs:
+ access-control-conf:
+ file: ./config/dem_pass-ac.xml
+secrets:
+ SHIB_CERT:
+ external: true
+ SHIB_KEY:
+ external: true
+ BASIC_AUTH_USERS_AUTH:
+ external: true
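Review bot: The Traefik router and service names in the added labels are the bare `shibauth` and `shibauth-redirect`, and the emg and vhr18 files in this commit add labels with the same names but different `Host(...)` rules. Traefik's Docker provider keys routers and services by these label names rather than by stack, so if one Traefik instance serves all three stacks (the shared `*-extnet` networks in the base file suggest it does), the definitions can conflict or be merged, and a request for one collection could end up handled by another stack's Shibboleth container with a different `pass-ac.xml`. Prefix the names per stack, e.g. `traefik.http.routers.dem-shibauth.rule=...` and `traefik.http.services.dem-shibauth.loadbalancer.server.port=80`, and likewise for the redirect router. The two `# router for basic auth based access` comments also look copied from another service; `# router for Shibboleth-protected paths (https)` would match what the rule does.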
diff --git a/docker-compose.emg.ops.yml b/docker-compose.emg.ops.yml
index 4f344da80d0d2daae8fccbc6563e91dfc672879e..30ab1f097d22e676a0c032229fbf9c218b4b77e8 100644
--- a/docker-compose.emg.ops.yml
+++ b/docker-compose.emg.ops.yml
@@ -155,7 +155,51 @@ services:
 placement:
 constraints:
 - node.labels.type == internal
+ shibauth:
+ image: testing-shibboleth
+ environment:
+ APACHE_SERVERNAME: "https://emg-secure.pass.copernicus.eu:443"
+ secrets:
+ - SHIB_CERT
+ - SHIB_KEY
+ - BASIC_AUTH_USERS_AUTH
+ deploy:
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ labels:
+ # router for basic auth based access (https)
+ - "traefik.http.routers.shibauth.rule=Host(`emg-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+ - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.shibauth.tls=true"
+ - "traefik.http.routers.shibauth.tls.certresolver=default"
+ - "traefik.http.routers.shibauth.entrypoints=https"
+ # router for basic auth based access (http)
+ - "traefik.http.routers.shibauth-redirect.rule=Host(`emg-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+ - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+ # general
+ - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+ - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+ - "traefik.docker.network=emg-extnet"
+ - "traefik.docker.lbswarm=true"
+ - "traefik.enable=true"
+ networks:
+ - emg-extnet
+ configs:
+ - source: access-control-conf
+ target: /etc/shibboleth/pass-ac.xml
 networks:
 extnet:
 name: emg-extnet
 external: true
+configs:
+ access-control-conf:
+ file: ./config/emg_pass-ac.xml
+secrets:
+ SHIB_CERT:
+ external: true
+ SHIB_KEY:
+ external: true
+ BASIC_AUTH_USERS_AUTH:
+ external: true
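Review bot: `image: testing-shibboleth` has no registry, tag or digest, so each node runs whatever local or `latest` image answers to that name, and that container is handed `SHIB_KEY`. For an ops stack, reference an immutable image instead, e.g. `image: <registry>/<repo>/shibboleth@sha256:<digest>` (placeholders). The `constraints: [node.role == manager]` placement also puts an internet-facing Apache/Shibboleth process on a swarm manager, while the context lines above show other services placed by `node.labels.type == internal`; unless the image only exists on the manager, a non-manager constraint reduces what a compromise of this container sits next to. Both lines are identical in the dem and vhr18 files.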
diff --git a/docker-compose.vhr18.ops.yml b/docker-compose.vhr18.ops.yml
index 738fc6f07382b964d23510e837f980fc7217613e..7ce490bc3d9b0805bb506ec9fed66bc6eb6530a7 100644
--- a/docker-compose.vhr18.ops.yml
+++ b/docker-compose.vhr18.ops.yml
@@ -165,7 +165,53 @@ services:
 placement:
 constraints:
 - node.labels.type == internal
+ shibauth:
+ image: testing-shibboleth
+ environment:
+ APACHE_SERVERNAME: "https://vhr18-secure.pass.copernicus.eu:443"
+ secrets:
+ - SHIB_CERT
+ - SHIB_KEY
+ - BASIC_AUTH_USERS_AUTH
+ deploy:
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ labels:
+ # router for basic auth based access (https)
+ - "traefik.http.routers.shibauth.rule=Host(`vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+ - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.shibauth.tls=true"
+ - "traefik.http.routers.shibauth.tls.certresolver=default"
+ - "traefik.http.routers.shibauth.entrypoints=https"
+ # router for basic auth based access (http)
+ - "traefik.http.routers.shibauth-redirect.rule=Host(`vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+ - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+ # general
+ - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+ - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+ - "traefik.docker.network=vhr18-extnet"
+ - "traefik.docker.lbswarm=true"
+ - "traefik.enable=true"
+ networks:
+ - vhr18-extnet
+ configs:
+ - source: access-control-conf
+ target: /etc/shibboleth/pass-ac.xml
 networks:
 extnet:
 name: vhr18-extnet
 external: true
+configs:
+ access-control-conf:
+ file: ./config/vhr18_pass-ac.xml
+secrets:
+ SHIB_CERT:
+ external: true
+ SHIB_KEY:
+ external: true
+ BASIC_AUTH_USERS_APIAUTH:
+ external: true
+ BASIC_AUTH_USERS_AUTH:
+ external: true
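Review bot: The top-level `secrets:` block added here declares `BASIC_AUTH_USERS_APIAUTH`, which the new `shibauth` service does not list and which the dem and emg files do not declare; if no service outside this hunk uses it, drop the declaration so the stack references only the secrets it mounts. `shibauth` in all three files is also given `BASIC_AUTH_USERS_AUTH` next to `SHIB_CERT` and `SHIB_KEY`; if the image does not read the basic-auth user file, remove it from the service's `secrets:` list so that credential file stays out of an internet-facing container. A one-line comment above the list naming which process consumes each secret would make this checkable in review.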