From 405f1e216003122b9a8ad172b9bcbaa950c0de3d Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Wed, 28 Oct 2020 10:48:01 +0100
Subject: [PATCH] [shibauth] update docker compose files for other collections

---
 docker-compose.base.ops.yml  | 37 -----------------------------
 docker-compose.dem.ops.yml   | 44 ++++++++++++++++++++++++++++++++++
 docker-compose.emg.ops.yml   | 44 ++++++++++++++++++++++++++++++++++
 docker-compose.vhr18.ops.yml | 46 ++++++++++++++++++++++++++++++++++++
 4 files changed, 134 insertions(+), 37 deletions(-)

diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index d4a0eb35..002a236d 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -28,40 +28,9 @@ services:
       - emg-extnet
       - dem-extnet
       - logging-extnet
-      - shib-extnet
     secrets:
       - BASIC_AUTH_USERS_APIAUTH
       - BASIC_AUTH_USERS_AUTH
-  shibauth:
-    image: testing-shibboleth
-    environment:
-      APACHE_SERVERNAME: "https://emg.pdas.prism.eox.at:443"
-    secrets:
-      - SHIB_CERT
-      - SHIB_KEY
-    deploy:
-      replicas: 1
-      placement:
-        constraints: [node.role == manager]
-      labels:
-        # router for basic auth based access (https)
-        - "traefik.http.routers.shibauth.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
-        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
-        - "traefik.http.routers.shibauth.tls=true"
-        - "traefik.http.routers.shibauth.tls.certresolver=default"
-        - "traefik.http.routers.shibauth.entrypoints=https"
-        # router for basic auth based access (http)
-        - "traefik.http.routers.shibauth-redirect.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
-        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
-        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
-        # general
-        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
-        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
-        - "traefik.docker.network=shib-extnet"
-        - "traefik.docker.lbswarm=true"
-        - "traefik.enable=true"
-    networks:
-      - shib-extnet
 volumes:
   traefik-data:
 networks:
@@ -73,13 +42,7 @@ networks:
     name: dem-extnet
   logging-extnet:
     name: logging-extnet
-  shib-extnet:
-    name: shib-extnet
 secrets:
-  SHIB_CERT:
-    external: true
-  SHIB_KEY:
-    external: true
   BASIC_AUTH_USERS_APIAUTH:
     external: true
   BASIC_AUTH_USERS_AUTH:
diff --git a/docker-compose.dem.ops.yml b/docker-compose.dem.ops.yml
index cb1223d8..72615fca 100644
--- a/docker-compose.dem.ops.yml
+++ b/docker-compose.dem.ops.yml
@@ -165,7 +165,51 @@ services:
       placement:
         constraints:
           - node.labels.type == internal
+  shibauth:
+    image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://dem-secure.pass.copernicus.eu:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
+      - BASIC_AUTH_USERS_AUTH
+    deploy:
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`dem-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`dem-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=dem-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - dem-extnet
+    configs:
+      - source: access-control-conf
+        target: /etc/shibboleth/pass-ac.xml
 networks:
   extnet:
     name: dem-extnet
     external: true
+configs:
+  access-control-conf:
+    file: ./config/dem_pass-ac.xml
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
+  BASIC_AUTH_USERS_AUTH:
+    external: true
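Review bot: The added `shibauth` service lists `dem-extnet` under its `networks:`, but the top-level `networks:` block at the end of this hunk declares only the key `extnet` (with `name: dem-extnet`). A service refers to the key, not the name, so unless another compose file merged into this stack declares a `dem-extnet` key, the deploy would fail on an undefined network. Using `- extnet` in the service should be what is intended, while `traefik.docker.network=dem-extnet` can stay because that label takes the real network name. The emg and vhr18 hunks have the same mismatch with `emg-extnet` and `vhr18-extnet`.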
diff --git a/docker-compose.emg.ops.yml b/docker-compose.emg.ops.yml
index 4f344da8..30ab1f09 100644
--- a/docker-compose.emg.ops.yml
+++ b/docker-compose.emg.ops.yml
@@ -155,7 +155,51 @@ services:
       placement:
         constraints:
           - node.labels.type == internal
+  shibauth:
+    image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://emg-secure.pass.copernicus.eu:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
+      - BASIC_AUTH_USERS_AUTH
+    deploy:
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`emg-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`emg-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=emg-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - emg-extnet
+    configs:
+      - source: access-control-conf
+        target: /etc/shibboleth/pass-ac.xml
 networks:
   extnet:
     name: emg-extnet
     external: true
+configs:
+  access-control-conf:
+    file: ./config/emg_pass-ac.xml
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
+  BASIC_AUTH_USERS_AUTH:
+    external: true
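Review bot: The router and service names in these labels (`shibauth`, `shibauth-redirect`) are identical in the dem, emg and vhr18 stacks, while the base file shows one Traefik attached to the collection networks (`emg-extnet` and `dem-extnet` are visible there). As far as I know, Traefik's Docker provider treats label-defined router names as global, so `traefik.http.routers.shibauth.rule` defined three times with different `Host(...)` values is likely to be reported as a conflict and dropped. Same-named services with identical settings may also be merged into one load balancer, which would mix backends that mount different `pass-ac.xml` policies. Prefixing the names per collection, e.g. `traefik.http.routers.emg-shibauth.rule=...` and `traefik.http.services.emg-shibauth.loadbalancer.server.port=80`, keeps each host bound to its own access-control config. The `# router for basic auth based access` comments also look copied from another service and could read `# router for Shibboleth-protected paths (https)`.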
diff --git a/docker-compose.vhr18.ops.yml b/docker-compose.vhr18.ops.yml
index 738fc6f0..7ce490bc 100644
--- a/docker-compose.vhr18.ops.yml
+++ b/docker-compose.vhr18.ops.yml
@@ -165,7 +165,53 @@ services:
       placement:
         constraints:
           - node.labels.type == internal
+  shibauth:
+    image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://vhr18-secure.pass.copernicus.eu:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
+      - BASIC_AUTH_USERS_AUTH
+    deploy:
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=vhr18-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - vhr18-extnet
+    configs:
+      - source: access-control-conf
+        target: /etc/shibboleth/pass-ac.xml
 networks:
   extnet:
     name: vhr18-extnet
     external: true
+configs:
+  access-control-conf:
+    file: ./config/vhr18_pass-ac.xml
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
+  BASIC_AUTH_USERS_APIAUTH:
+    external: true
+  BASIC_AUTH_USERS_AUTH:
+    external: true
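Review bot: `image: testing-shibboleth` is an untagged name with no registry in an ops stack, here and in the dem and emg hunks, so the build that ends up reading `SHIB_KEY` probably depends on whatever image each node has locally. A registry path pinned to a tag or digest, e.g. `image: <registry>/<shibauth-image>@sha256:<digest>` (placeholders), would make the deployed container reproducible and auditable. `constraints: [node.role == manager]` also places this internet-facing container on swarm managers; unless something requires that, a non-manager placement would keep it away from the control plane. This file alone also declares `BASIC_AUTH_USERS_APIAUTH`, which the added service does not mount, so it looks like a leftover unless a service outside the hunk uses it.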
-- 
GitLab