Commit 408aae4f authored by Lubomir Dolezal's avatar Lubomir Dolezal

Sso config updates

parent e2a86fdd
1 merge request!49Production release 1.1.1
......@@ -14,34 +14,14 @@ services:
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.dem-renderer-shib.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer-shib.middlewares=shibAuth@file,compress@file,cors@file"
- "traefik.http.routers.dem-renderer-shib.tls=true"
- "traefik.http.routers.dem-renderer-shib.tls.certresolver=default"
- "traefik.http.routers.dem-renderer-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.dem-renderer-redirect-shib.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.dem-renderer-redirect-shib.entrypoints=http"
# router for referrer based access (https)
- "traefik.http.routers.dem-renderer_referer.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-renderer_referer.middlewares=compress@file,cors@file"
- "traefik.http.routers.dem-renderer_referer.tls=true"
- "traefik.http.routers.dem-renderer_referer.tls.certresolver=default"
- "traefik.http.routers.dem-renderer_referer.entrypoints=https"
# router for referrer based access (http)
- "traefik.http.routers.dem-renderer_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-renderer_referer-redirect.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.dem-renderer.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
# router for basic auth access (https)
- "traefik.http.routers.dem-renderer.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.dem-renderer.tls=true"
- "traefik.http.routers.dem-renderer.tls.certresolver=default"
- "traefik.http.routers.dem-renderer.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.dem-renderer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer-redirect.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-renderer-redirect.entrypoints=http"
# general
......@@ -67,34 +47,14 @@ services:
deploy:
labels:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for shib auth based access (https)
- "traefik.http.routers.dem-cache-shib.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache-shib.middlewares=shibAuthCache@file,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.dem-cache-shib.tls=true"
- "traefik.http.routers.dem-cache-shib.tls.certresolver=default"
- "traefik.http.routers.dem-cache-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.dem-cache-redirect-shib.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.dem-cache-redirect-shib.entrypoints=http"
# router for referrer based access (https)
- "traefik.http.routers.dem-cache_referer.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-cache_referer.middlewares=cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.dem-cache_referer.tls=true"
- "traefik.http.routers.dem-cache_referer.tls.certresolver=default"
- "traefik.http.routers.dem-cache_referer.entrypoints=https"
# router for referrer based access (http)
- "traefik.http.routers.dem-cache_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-cache_referer-redirect.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.dem-cache.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file"
# router for basic auth access (https)
- "traefik.http.routers.dem-cache.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache.middlewares=cache-stripprefix,auth@file,compress@file,cors@file"
- "traefik.http.routers.dem-cache.tls=true"
- "traefik.http.routers.dem-cache.tls.certresolver=default"
- "traefik.http.routers.dem-cache.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.dem-cache-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache-redirect.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-cache-redirect.entrypoints=http"
# general
......@@ -141,24 +101,14 @@ services:
target: /usr/share/nginx/html/index.html
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.dem-client-shib.rule=Host(`dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client-shib.middlewares=shibAuthCache@file,compress@file"
- "traefik.http.routers.dem-client-shib.tls=true"
- "traefik.http.routers.dem-client-shib.tls.certresolver=default"
- "traefik.http.routers.dem-client-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.dem-client-redirect-shib.rule=Host(`dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.dem-client-redirect-shib.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.dem-client.rule=Host(`dem.pdas.prism.eox.at`)"
# router for basic auth access (https)
- "traefik.http.routers.dem-client.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.dem-client.tls=true"
- "traefik.http.routers.dem-client.tls.certresolver=default"
- "traefik.http.routers.dem-client.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.dem-client-redirect.rule=Host(`dem.pdas.prism.eox.at`)"
# router for basic auth access (http)
- "traefik.http.routers.dem-client-redirect.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-client-redirect.entrypoints=http"
# general
......@@ -183,87 +133,7 @@ services:
placement:
constraints:
- node.labels.type == internal
shibauth:
image: unicon/shibboleth-sp:3.0.4
environment:
APACHE_SERVERNAME: "https://dem.pass.copernicus.eu:443"
secrets:
- source: DEM_SHIB_CERT
target: SHIB_CERT
- source: DEM_SHIB_KEY
target: SHIB_KEY
- BASIC_AUTH_USERS_AUTH
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
labels:
# router for basic auth based access (https)
- "traefik.http.routers.dem-shibauth.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/secure`, `/secure-cache`, `/Shibboleth.sso`)"
- "traefik.http.routers.dem-shibauth.middlewares=compress@file,cors@file"
- "traefik.http.routers.dem-shibauth.tls=true"
- "traefik.http.routers.dem-shibauth.tls.certresolver=default"
- "traefik.http.routers.dem-shibauth.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.dem-shibauth-redirect.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/secure`, `/secure-cache`, `/Shibboleth.sso`)"
- "traefik.http.routers.dem-shibauth-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-shibauth-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-shibauth.loadbalancer.sticky=false"
- "traefik.http.services.dem-shibauth.loadbalancer.server.port=80"
- "traefik.docker.network=dem-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
configs:
- source: shib-access-control-conf
target: /etc/shibboleth/pass-ac.xml
- source: shib-access-control-conf-cache
target: /etc/shibboleth/pass-ac-cache.xml
- source: shib-shibboleth2
target: /etc/shibboleth/shibboleth2.xml
- source: shib-apache
target: /etc/httpd/conf.d/shib.conf
- source: shib-attribute-map
target: /etc/shibboleth/attribute-map.xml
- source: idp-metadata
target: /etc/shibboleth/idp-metadata.xml
- source: shib-index
target: /var/www/html/secure/index.html
- source: shib-index
target: /var/www/html/secure-cache/index.html
- source: shibd-logger
target: /etc/shibboleth/shibd.logger
- source: native-logger
target: /etc/shibboleth/native.logger
networks:
extnet:
name: dem-extnet
external: true
configs:
shib-access-control-conf:
file: ./config/shibboleth/dem-ac.xml
shib-access-control-conf-cache:
file: ./config/shibboleth/dem-ac-cache.xml
shib-shibboleth2:
file: ./config/shibboleth/dem-shibboleth2.xml
shib-apache:
file: ./config/shibboleth/shib-apache.conf
shib-attribute-map:
file: ./config/shibboleth/attribute-map.xml
shib-index:
file: ./config/shibboleth/index.html
native-logger:
file: ./config/shibboleth/native.logger
shibd-logger:
file: ./config/shibboleth/shibd.logger
idp-metadata:
external: true
secrets:
DEM_SHIB_CERT:
external: true
DEM_SHIB_KEY:
external: true
BASIC_AUTH_USERS_AUTH:
external: true
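Review bot: The added `dem-renderer` rule in the first hunk keeps `/admin` in the same PathPrefix as `/ows` and `/opensearch`, so on the `pass.copernicus.eu` hosts the admin path is now gated only by `auth@file` (basic auth, per the comment), presumably with the same credentials issued to map clients. Whether the application enforces its own login behind `/admin` is not visible here, so this may already be layered. I would move `/admin` to its own router with a stricter middleware chain, e.g. `traefik.http.routers.dem-renderer-admin.middlewares=<ADMIN_MIDDLEWARE>@file,compress@file` (router and middleware names are placeholders), and add a comment above the rule saying who is expected to hold the basic-auth credentials. The same rule appears in the `dem-renderer` router of the full compose file that follows (images tagged `:staging`).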
version: "3.6"
services:
database:
volumes:
- type: tmpfs
target: /dev/shm
tmpfs:
size: 536870912
renderer:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_core:staging
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
labels:
# router for basic auth access (https)
- "traefik.http.routers.dem-renderer.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.dem-renderer.tls=true"
- "traefik.http.routers.dem-renderer.tls.certresolver=default"
- "traefik.http.routers.dem-renderer.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.dem-renderer-redirect.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.dem-renderer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-renderer-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-renderer.loadbalancer.sticky=false"
- "traefik.http.services.dem-renderer.loadbalancer.server.port=80"
- "traefik.docker.network=dem-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
replicas: 1
resources:
limits:
memory: 8G
networks:
- extnet
cache:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:staging
configs:
- source: mapcache-ops
target: /mapcache-template.xml
deploy:
labels:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for basic auth access (https)
- "traefik.http.routers.dem-cache.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache.middlewares=cache-stripprefix,auth@file,compress@file,cors@file"
- "traefik.http.routers.dem-cache.tls=true"
- "traefik.http.routers.dem-cache.tls.certresolver=default"
- "traefik.http.routers.dem-cache.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.dem-cache-redirect.rule=Host(`dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`, `dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.dem-cache-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-cache-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-cache.loadbalancer.sticky=false"
- "traefik.http.services.dem-cache.loadbalancer.server.port=80"
- "traefik.docker.network=dem-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
replicas: 1
resources:
limits:
memory: 8G
networks:
- extnet
registrar:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_core:staging
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
replicas: 1
ingestor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_ingestor:staging
environment:
REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
sftp:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_sftp:staging
client:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_client:staging
configs:
- source: client-ops
target: /usr/share/nginx/html/index.html
deploy:
labels:
# router for basic auth access (https)
- "traefik.http.routers.dem-client.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.dem-client.tls=true"
- "traefik.http.routers.dem-client.tls.certresolver=default"
- "traefik.http.routers.dem-client.entrypoints=https"
# router for basic auth access (http)
- "traefik.http.routers.dem-client-redirect.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-client-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-client.loadbalancer.sticky=false"
- "traefik.http.services.dem-client.loadbalancer.server.port=80"
- "traefik.docker.network=dem-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
preprocessor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_preprocessor:staging
volumes:
- type: bind
source: /var/vhr
target: /tmp
deploy:
replicas: 1
networks:
extnet:
name: dem-extnet
external: true
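Review bot: The `dem-cache` router lists `cache-stripprefix` ahead of `auth@file`, while the `dem-renderer` and `dem-client` routers in this file put `auth@file` first; Traefik applies middlewares in the listed order, so unauthenticated requests are rewritten before they are rejected. With a path-independent check this is likely harmless today, but keeping authentication first stays consistent and avoids surprises if the auth middleware ever becomes path-aware: `- "traefik.http.routers.dem-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file"`. The same ordering was introduced in the cache hunk of the preceding file.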
......@@ -84,27 +84,27 @@ services:
- intnet
command:
["/run-httpd.sh"]
seeder:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:latest
volumes:
- type: tmpfs
target: /tmp
env_file:
- env/dem.env
- env/dem_obs.env
secrets:
- OS_PASSWORD
environment:
INSTANCE_ID: "prism-view-server_seeder"
RENDERER_HOST: renderer
WAIT_SERVICES: "redis:6379 database:5432"
OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
deploy:
replicas: 0
networks:
- intnet
command:
["/run-seeder.sh"]
# seeder:
# image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:latest
# volumes:
# - type: tmpfs
# target: /tmp
# env_file:
# - env/dem.env
# - env/dem_obs.env
# secrets:
# - OS_PASSWORD
# environment:
# INSTANCE_ID: "prism-view-server_seeder"
# RENDERER_HOST: renderer
# WAIT_SERVICES: "redis:6379 database:5432"
# OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
# deploy:
# replicas: 0
# networks:
# - intnet
# command:
# ["/run-seeder.sh"]
preprocessor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_preprocessor:latest
env_file:
......
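Review bot: The `seeder` service is commented out rather than removed, although it was already inert with `replicas: 0`; the dead block still names the `OS_PASSWORD` secret and the env files, and will drift from the live services. I would delete the block and rely on version control for history, or, if it is meant to return, keep it active at `replicas: 0` and add a one-line comment such as `# seeder disabled: <REASON>` above it. The surrounding `services:` mapping continues outside this hunk.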
version: "3.6"
services:
database:
volumes:
- type: tmpfs
target: /dev/shm
tmpfs:
size: 536870912
renderer:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_core:staging
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.emg-renderer-shib.rule=Host(`emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.emg-renderer-shib.middlewares=shibAuth@file,compress@file,cors@file"
- "traefik.http.routers.emg-renderer-shib.tls=true"
- "traefik.http.routers.emg-renderer-shib.tls.certresolver=default"
- "traefik.http.routers.emg-renderer-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.emg-renderer-redirect-shib.rule=Host(`emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.emg-renderer-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.emg-renderer-redirect-shib.entrypoints=http"
# router for referrer based access (https)
- "traefik.http.routers.emg-renderer_referer.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-renderer_referer.middlewares=compress@file,cors@file"
- "traefik.http.routers.emg-renderer_referer.tls=true"
- "traefik.http.routers.emg-renderer_referer.tls.certresolver=default"
- "traefik.http.routers.emg-renderer_referer.entrypoints=https"
# router for referrer based access (http)
- "traefik.http.routers.emg-renderer_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-renderer_referer-redirect.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.emg-renderer.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.emg-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.emg-renderer.tls=true"
- "traefik.http.routers.emg-renderer.tls.certresolver=default"
- "traefik.http.routers.emg-renderer.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.emg-renderer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.emg-renderer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-renderer-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-renderer.loadbalancer.sticky=false"
- "traefik.http.services.emg-renderer.loadbalancer.server.port=80"
- "traefik.docker.network=emg-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
replicas: 1
resources:
limits:
memory: 8G
networks:
- extnet
cache:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:staging
configs:
- source: mapcache-ops
target: /mapcache-template.xml
deploy:
labels:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for shib auth based access (https)
- "traefik.http.routers.emg-cache-shib.rule=Host(`emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.emg-cache-shib.middlewares=shibAuthCache@file,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.emg-cache-shib.tls=true"
- "traefik.http.routers.emg-cache-shib.tls.certresolver=default"
- "traefik.http.routers.emg-cache-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.emg-cache-redirect-shib.rule=Host(`emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.emg-cache-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.emg-cache-redirect-shib.entrypoints=http"
# router for referrer based access (https)
- "traefik.http.routers.emg-cache_referer.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-cache_referer.middlewares=cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.emg-cache_referer.tls=true"
- "traefik.http.routers.emg-cache_referer.tls.certresolver=default"
- "traefik.http.routers.emg-cache_referer.entrypoints=https"
# router for referrer based access (http)
- "traefik.http.routers.emg-cache_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-cache_referer-redirect.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.emg-cache.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.emg-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.emg-cache.tls=true"
- "traefik.http.routers.emg-cache.tls.certresolver=default"
- "traefik.http.routers.emg-cache.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.emg-cache-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.emg-cache-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-cache-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-cache.loadbalancer.sticky=false"
- "traefik.http.services.emg-cache.loadbalancer.server.port=80"
- "traefik.docker.network=emg-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
replicas: 1
resources:
limits:
memory: 8G
networks:
- extnet
registrar:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_core:staging
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
replicas: 1
ingestor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_ingestor:staging
environment:
REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
sftp:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_sftp:staging
client:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_client:staging
configs:
- source: client-ops
target: /usr/share/nginx/html/index.html
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.emg-client-shib.rule=Host(`emg.pass.copernicus.eu`)"
- "traefik.http.routers.emg-client-shib.middlewares=shibAuthCache@file,compress@file"
- "traefik.http.routers.emg-client-shib.tls=true"
- "traefik.http.routers.emg-client-shib.tls.certresolver=default"
- "traefik.http.routers.emg-client-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.emg-client-redirect-shib.rule=Host(`emg.pass.copernicus.eu`)"
- "traefik.http.routers.emg-client-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.emg-client-redirect-shib.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.emg-client.rule=Host(`emg.pdas.prism.eox.at`)"
- "traefik.http.routers.emg-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.emg-client.tls=true"
- "traefik.http.routers.emg-client.tls.certresolver=default"
- "traefik.http.routers.emg-client.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.emg-client-redirect.rule=Host(`emg.pdas.prism.eox.at`)"
- "traefik.http.routers.emg-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-client-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-client.loadbalancer.sticky=false"
- "traefik.http.services.emg-client.loadbalancer.server.port=80"
- "traefik.docker.network=emg-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
preprocessor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_preprocessor:staging
volumes:
- type: bind
source: /var/vhr
target: /tmp
deploy:
replicas: 1
shibauth:
image: unicon/shibboleth-sp:3.0.4
environment:
APACHE_SERVERNAME: "https://emg.pass.copernicus.eu:443"
secrets:
- source: EMG_SHIB_CERT
target: SHIB_CERT
- source: EMG_SHIB_KEY
target: SHIB_KEY
- BASIC_AUTH_USERS_AUTH
deploy:
replicas: 1
labels:
# router for basic auth based access (https)
- "traefik.http.routers.emg-shibauth.rule=Host(`emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/secure`, `/secure-cache`, `/Shibboleth.sso`)"
- "traefik.http.routers.emg-shibauth.middlewares=compress@file,cors@file"
- "traefik.http.routers.emg-shibauth.tls=true"
- "traefik.http.routers.emg-shibauth.tls.certresolver=default"
- "traefik.http.routers.emg-shibauth.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.emg-shibauth-redirect.rule=Host(`emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/secure`, `/secure-cache`, `/Shibboleth.sso`)"
- "traefik.http.routers.emg-shibauth-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-shibauth-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-shibauth.loadbalancer.sticky=false"
- "traefik.http.services.emg-shibauth.loadbalancer.server.port=80"
- "traefik.docker.network=emg-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
configs:
- source: shib-access-control-conf
target: /etc/shibboleth/pass-ac.xml
- source: shib-access-control-conf-cache
target: /etc/shibboleth/pass-ac-cache.xml
- source: shib-shibboleth2
target: /etc/shibboleth/shibboleth2.xml
- source: shib-apache
target: /etc/httpd/conf.d/shib.conf
- source: shib-attribute-map
target: /etc/shibboleth/attribute-map.xml
- source: idp-metadata
target: /etc/shibboleth/idp-metadata.xml
- source: shib-index
target: /var/www/html/secure/index.html
- source: shib-index
target: /var/www/html/secure-cache/index.html
- source: shibd-logger
target: /etc/shibboleth/shibd.logger
- source: native-logger
target: /etc/shibboleth/native.logger
networks:
extnet:
name: emg-extnet
external: true
configs:
shib-access-control-conf:
file: ./config/shibboleth/emg-ac.xml
shib-access-control-conf-cache:
file: ./config/shibboleth/emg-ac-cache.xml
shib-shibboleth2:
file: ./config/shibboleth/emg-shibboleth2.xml
shib-apache:
file: ./config/shibboleth/shib-apache.conf
shib-attribute-map:
file: ./config/shibboleth/attribute-map.xml
shib-index:
file: ./config/shibboleth/index.html
native-logger:
file: ./config/shibboleth/native.logger
shibd-logger:
file: ./config/shibboleth/shibd.logger
idp-metadata:
external: true
secrets:
EMG_SHIB_CERT:
external: true
EMG_SHIB_KEY:
external: true
BASIC_AUTH_USERS_AUTH:
external: true
......@@ -84,27 +84,27 @@ services:
- intnet
command:
["/run-httpd.sh"]
seeder:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:latest
volumes:
- type: tmpfs
target: /tmp
env_file:
- env/emg.env
- env/emg_obs.env
secrets:
- OS_PASSWORD
environment:
INSTANCE_ID: "prism-view-server_seeder"
RENDERER_HOST: renderer
WAIT_SERVICES: "redis:6379 database:5432"
OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
deploy:
replicas: 0
networks:
- intnet
command:
["/run-seeder.sh"]
# seeder:
# image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:latest
# volumes:
# - type: tmpfs
# target: /tmp
# env_file:
# - env/emg.env
# - env/emg_obs.env
# secrets:
# - OS_PASSWORD
# environment:
# INSTANCE_ID: "prism-view-server_seeder"
# RENDERER_HOST: renderer
# WAIT_SERVICES: "redis:6379 database:5432"
# OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
# deploy:
# replicas: 0
# networks:
# - intnet
# command:
# ["/run-seeder.sh"]
ingestor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_ingestor:latest
command:
......
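Review bot: The `seeder` service is left behind as a fully commented-out block instead of being deleted, even though it was already parked with `replicas: 0`. Commented-out compose services drift from the live definitions and keep references such as `OS_PASSWORD` in the file that no longer reflect what is deployed; removing the block, or replacing it with one line like `# seeder removed, restore from history if cache seeding is needed again`, reads more clearly. If the `OS_PASSWORD` secret is declared only for this service (its top-level declaration is outside the hunk), it can probably be dropped from the stack as well. The same change appears in the vhr18 compose hunk (`@@ -87,27 +87,27 @@`).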
......@@ -15,34 +15,14 @@ services:
deploy:
replicas: 3
labels:
# router for shib auth based access (https)
- "traefik.http.routers.vhr18-renderer-shib.rule=Host(`vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer-shib.middlewares=shibAuth@file,compress@file,cors@file"
- "traefik.http.routers.vhr18-renderer-shib.tls=true"
- "traefik.http.routers.vhr18-renderer-shib.tls.certresolver=default"
- "traefik.http.routers.vhr18-renderer-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.vhr18-renderer-redirect-shib.rule=Host(`vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.vhr18-renderer-redirect-shib.entrypoints=http"
# router for referrer based access (https)
- "traefik.http.routers.vhr18-renderer_referer.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-renderer_referer.middlewares=compress@file,cors@file"
- "traefik.http.routers.vhr18-renderer_referer.tls=true"
- "traefik.http.routers.vhr18-renderer_referer.tls.certresolver=default"
- "traefik.http.routers.vhr18-renderer_referer.entrypoints=https"
# router for referrer based access (http)
- "traefik.http.routers.vhr18-renderer_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-renderer_referer-redirect.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.vhr18-renderer.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
# router for basic auth access (https)
- "traefik.http.routers.vhr18-renderer-shib.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.vhr18-renderer.tls=true"
- "traefik.http.routers.vhr18-renderer.tls.certresolver=default"
- "traefik.http.routers.vhr18-renderer.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.vhr18-renderer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
# router for basic auth access (http)
- "traefik.http.routers.vhr18-renderer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-renderer-redirect.entrypoints=http"
# general
......@@ -67,34 +47,14 @@ services:
deploy:
labels:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for shib auth based access (https)
- "traefik.http.routers.vhr18-cache-shib.rule=Host(`vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache-shib.middlewares=shibAuthCache@file,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.vhr18-cache-shib.tls=true"
- "traefik.http.routers.vhr18-cache-shib.tls.certresolver=default"
- "traefik.http.routers.vhr18-cache-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.vhr18-cache-redirect-shib.rule=Host(`vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.vhr18-cache-redirect-shib.entrypoints=http"
# router for referrer based access (https)
- "traefik.http.routers.vhr18-cache_referer.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-cache_referer.middlewares=cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.vhr18-cache_referer.tls=true"
- "traefik.http.routers.vhr18-cache_referer.tls.certresolver=default"
- "traefik.http.routers.vhr18-cache_referer.entrypoints=https"
# router for referrer based access (http)
- "traefik.http.routers.vhr18-cache_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|spdm-intservices.cds.esa.int|spdm-intservices-adm.cds.esa.int|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-cache_referer-redirect.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.vhr18-cache.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file"
# router for basic auth access (https)
- "traefik.http.routers.vhr18-cache.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache.middlewares=cache-stripprefix,auth@file,compress@file,cors@file"
- "traefik.http.routers.vhr18-cache.tls=true"
- "traefik.http.routers.vhr18-cache.tls.certresolver=default"
- "traefik.http.routers.vhr18-cache.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.vhr18-cache-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
# router for basic auth access (http)
- "traefik.http.routers.vhr18-cache-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-cache-redirect.entrypoints=http"
# general
......@@ -141,24 +101,14 @@ services:
target: /usr/share/nginx/html/index.html
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.vhr18-client-shib.rule=Host(`vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client-shib.middlewares=shibAuthCache@file,compress@file"
- "traefik.http.routers.vhr18-client-shib.tls=true"
- "traefik.http.routers.vhr18-client-shib.tls.certresolver=default"
- "traefik.http.routers.vhr18-client-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.vhr18-client-redirect-shib.rule=Host(`vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.vhr18-client-redirect-shib.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.vhr18-client.rule=Host(`vhr18.pdas.prism.eox.at`)"
- "traefik.http.routers.vhr18-client.middlewares=shibAuthCache@file,compress@file"
# router for basic auth access (https)
- "traefik.http.routers.vhr18-client.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.vhr18-client.tls=true"
- "traefik.http.routers.vhr18-client.tls.certresolver=default"
- "traefik.http.routers.vhr18-client.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18.pdas.prism.eox.at`)"
# router for basic auth access (http)
- "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-client-redirect.entrypoints=http"
# general
......@@ -183,87 +133,7 @@ services:
placement:
constraints:
- node.labels.type == internal
shibauth:
image: unicon/shibboleth-sp:3.0.4
environment:
APACHE_SERVERNAME: "https://vhr18.pass.copernicus.eu:443"
secrets:
- source: VHR18_SHIB_CERT
target: SHIB_CERT
- source: VHR18_SHIB_KEY
target: SHIB_KEY
- BASIC_AUTH_USERS_AUTH
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
labels:
# router for basic auth based access (https)
- "traefik.http.routers.vhr18-shibauth.rule=Host(`vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/secure`, `/secure-cache`, `/Shibboleth.sso`)"
- "traefik.http.routers.vhr18-shibauth.middlewares=compress@file,cors@file"
- "traefik.http.routers.vhr18-shibauth.tls=true"
- "traefik.http.routers.vhr18-shibauth.tls.certresolver=default"
- "traefik.http.routers.vhr18-shibauth.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.vhr18-shibauth-redirect.rule=Host(`vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/secure`, `/secure-cache`, `/Shibboleth.sso`)"
- "traefik.http.routers.vhr18-shibauth-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-shibauth-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-shibauth.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-shibauth.loadbalancer.server.port=80"
- "traefik.docker.network=vhr18-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
configs:
- source: shib-access-control-conf
target: /etc/shibboleth/pass-ac.xml
- source: shib-access-control-conf-cache
target: /etc/shibboleth/pass-ac-cache.xml
- source: shib-shibboleth2
target: /etc/shibboleth/shibboleth2.xml
- source: shib-apache
target: /etc/httpd/conf.d/shib.conf
- source: shib-attribute-map
target: /etc/shibboleth/attribute-map.xml
- source: idp-metadata
target: /etc/shibboleth/idp-metadata.xml
- source: shib-index
target: /var/www/html/secure/index.html
- source: shib-index
target: /var/www/html/secure-cache/index.html
- source: shibd-logger
target: /etc/shibboleth/shibd.logger
- source: native-logger
target: /etc/shibboleth/native.logger
networks:
extnet:
name: vhr18-extnet
external: true
configs:
shib-access-control-conf:
file: ./config/shibboleth/vhr18-ac.xml
shib-access-control-conf-cache:
file: ./config/shibboleth/vhr18-ac-cache.xml
shib-shibboleth2:
file: ./config/shibboleth/vhr18-shibboleth2.xml
shib-apache:
file: ./config/shibboleth/shib-apache.conf
shib-attribute-map:
file: ./config/shibboleth/attribute-map.xml
native-logger:
file: ./config/shibboleth/native.logger
shibd-logger:
file: ./config/shibboleth/shibd.logger
shib-index:
file: ./config/shibboleth/index.html
idp-metadata:
external: true
secrets:
VHR18_SHIB_CERT:
external: true
VHR18_SHIB_KEY:
external: true
BASIC_AUTH_USERS_AUTH:
external: true
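Review bot: In the first hunk of this file the rewritten renderer rule is keyed `traefik.http.routers.vhr18-renderer-shib.rule`, while the unchanged `middlewares`, `tls`, `tls.certresolver` and `entrypoints` labels right below it still belong to `vhr18-renderer`. As written, the Host/PathPrefix match for `/ows`, `/opensearch` and `/admin` would sit on a router that has no `auth@file` attached, and `vhr18-renderer` would be left without an explicit rule; this assumes the line listing both host families is the added side, which the hunk counts suggest. The key should be `traefik.http.routers.vhr18-renderer.rule=...`, in line with `vhr18-cache.rule` and `vhr18-client.rule` in the later hunks. A post-deploy check that unauthenticated requests to these paths return 401 on both host families would catch this kind of label drift; the labels list itself continues outside the hunk.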
version: "3.6"
services:
database:
volumes:
- type: tmpfs
target: /dev/shm
tmpfs:
size: 536870912
renderer:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_core:staging
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
replicas: 1
labels:
# router for basic auth access (https)
- "traefik.http.routers.vhr18-renderer.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.vhr18-renderer.tls=true"
- "traefik.http.routers.vhr18-renderer.tls.certresolver=default"
- "traefik.http.routers.vhr18-renderer.entrypoints=https"
# router for basic auth access (http)
- "traefik.http.routers.vhr18-renderer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- "traefik.http.routers.vhr18-renderer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-renderer-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-renderer.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-renderer.loadbalancer.server.port=80"
- "traefik.docker.network=vhr18-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
resources:
limits:
memory: 8G
placement:
constraints:
- node.labels.type == external
networks:
- extnet
cache:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:staging
configs:
- source: mapcache-ops
target: /mapcache-template.xml
deploy:
labels:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for basic auth access (https)
- "traefik.http.routers.vhr18-cache.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache.middlewares=cache-stripprefix,auth@file,compress@file,cors@file"
- "traefik.http.routers.vhr18-cache.tls=true"
- "traefik.http.routers.vhr18-cache.tls.certresolver=default"
- "traefik.http.routers.vhr18-cache.entrypoints=https"
# router for free access (http)
- "traefik.http.routers.vhr18-cache-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.vhr18-cache-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-cache-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-cache.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-cache.loadbalancer.server.port=80"
- "traefik.docker.network=vhr18-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
resources:
limits:
memory: 8G
replicas: 1
networks:
- extnet
registrar:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_core:staging
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
replicas: 1
ingestor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_ingestor:staging
environment:
REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
sftp:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_sftp:staging
client:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_client:staging
configs:
- source: client-ops
target: /usr/share/nginx/html/index.html
deploy:
labels:
# router for basic auth access (https)
- "traefik.http.routers.vhr18-client.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.vhr18-client.tls=true"
- "traefik.http.routers.vhr18-client.tls.certresolver=default"
- "traefik.http.routers.vhr18-client.entrypoints=https"
# router for basic auth access (http)
- "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-client-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-client.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-client.loadbalancer.server.port=80"
- "traefik.docker.network=vhr18-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
preprocessor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_preprocessor:staging
volumes:
- type: bind
source: /var/vhr
target: /tmp
deploy:
replicas: 1
networks:
extnet:
name: vhr18-extnet
external: true
......@@ -87,27 +87,27 @@ services:
- intnet
command:
["/run-httpd.sh"]
seeder:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:latest
volumes:
- type: tmpfs
target: /tmp
env_file:
- env/vhr18.env
- env/vhr18_obs.env
secrets:
- OS_PASSWORD
environment:
INSTANCE_ID: "prism-view-server_seeder"
RENDERER_HOST: renderer
WAIT_SERVICES: "redis:6379 database:5432"
OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
deploy:
replicas: 0
networks:
- intnet
command:
["/run-seeder.sh"]
# seeder:
# image: registry.gitlab.eox.at/esa/prism/vs/pvs_cache:latest
# volumes:
# - type: tmpfs
# target: /tmp
# env_file:
# - env/vhr18.env
# - env/vhr18_obs.env
# secrets:
# - OS_PASSWORD
# environment:
# INSTANCE_ID: "prism-view-server_seeder"
# RENDERER_HOST: renderer
# WAIT_SERVICES: "redis:6379 database:5432"
# OS_PASSWORD_FILE: "/run/secrets/OS_PASSWORD"
# deploy:
# replicas: 0
# networks:
# - intnet
# command:
# ["/run-seeder.sh"]
ingestor:
image: registry.gitlab.eox.at/esa/prism/vs/pvs_ingestor:latest
command:
......