From 5f1e9b004a836f5092d41dbb2168c0dc1a4593cf Mon Sep 17 00:00:00 2001
From: Fabian Schindler <fabian.schindler.strauss@gmail.com>
Date: Tue, 29 Sep 2020 16:35:47 +0200
Subject: [PATCH] Using {{slug}}-secure for shibboleth authed routes
---
docker-compose.dem.ops.yml | 52 +++++++++++++++++++++++++++++++++++-
docker-compose.emg.ops.yml | 50 ++++++++++++++++++++++++++++++++++
docker-compose.vhr18.ops.yml | 52 +++++++++++++++++++++++++++++++++++-
3 files changed, 152 insertions(+), 2 deletions(-)
diff --git a/docker-compose.dem.ops.yml b/docker-compose.dem.ops.yml
index 57d7b33e..a1f677ea 100644
--- a/docker-compose.dem.ops.yml
+++ b/docker-compose.dem.ops.yml
@@ -14,7 +14,7 @@ services:
labels:
# router for basic auth based access (https)
- "traefik.http.routers.dem-renderer.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
- - "traefik.http.routers.dem-renderer.middlewares=auth@file,compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.dem-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.dem-renderer.tls=true"
- "traefik.http.routers.dem-renderer.tls.certresolver=default"
- "traefik.http.routers.dem-renderer.entrypoints=https"
@@ -32,6 +32,26 @@ services:
- "traefik.http.routers.dem-renderer_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-renderer_referer-redirect.entrypoints=http"
+ # router for shibboleth based auth based access (https)
+ - "traefik.http.routers.dem-renderer.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem-secure.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.dem-renderer.middlewares=compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.dem-renderer.tls=true"
+ - "traefik.http.routers.dem-renderer.tls.certresolver=default"
+ - "traefik.http.routers.dem-renderer.entrypoints=https"
+ # router for shibboleth shibboleth auth based access (http)
+ - "traefik.http.routers.dem-renderer-redirect.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem-secure.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.dem-renderer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.dem-renderer-redirect.entrypoints=http"
+ # router for referrer shibboleth based access (https)
+ - "traefik.http.routers.dem-renderer_referer.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem-secure.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem-secure.pdas.prism.eox.at|dem-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.dem-renderer_referer.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.dem-renderer_referer.tls=true"
+ - "traefik.http.routers.dem-renderer_referer.tls.certresolver=default"
+ - "traefik.http.routers.dem-renderer_referer.entrypoints=https"
+ # router for referrer based access (http)
+ - "traefik.http.routers.dem-renderer_referer-redirect.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem-secure.pass.copernicus.eu`, `a.dem-secure.pass.copernicus.eu`, `b.dem-secure.pass.copernicus.eu`, `c.dem-secure.pass.copernicus.eu`, `d.dem-secure.pass.copernicus.eu`, `e.dem-secure.pass.copernicus.eu`, `f.dem-secure.pass.copernicus.eu`, `g.dem-secure.pass.copernicus.eu`, `h.dem-secure.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem-secure.pdas.prism.eox.at|dem-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.dem-renderer_referer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.dem-renderer_referer-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-renderer.loadbalancer.sticky=false"
- "traefik.http.services.dem-renderer.loadbalancer.server.port=80"
@@ -74,6 +94,26 @@ services:
- "traefik.http.routers.dem-cache_referer-redirect.rule=Host(`dem.pdas.prism.eox.at`, `a.dem.pdas.prism.eox.at`, `b.dem.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem.pdas.prism.eox.at`, `e.dem.pdas.prism.eox.at`, `f.dem.pdas.prism.eox.at`, `g.dem.pdas.prism.eox.at`, `h.dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem.pdas.prism.eox.at|dem.pass.copernicus.eu)/?`)"
- "traefik.http.routers.dem-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-cache_referer-redirect.entrypoints=http"
+ # router for shibboleth based auth based access (https)
+ - "traefik.http.routers.dem-renderer.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem-secure.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.dem-renderer.middlewares=compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.dem-renderer.tls=true"
+ - "traefik.http.routers.dem-renderer.tls.certresolver=default"
+ - "traefik.http.routers.dem-renderer.entrypoints=https"
+ # router for shibboleth shibboleth auth based access (http)
+ - "traefik.http.routers.dem-renderer-redirect.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem-secure.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.dem-renderer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.dem-renderer-redirect.entrypoints=http"
+ # router for referrer shibboleth based access (https)
+ - "traefik.http.routers.dem-renderer_referer.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem-secure.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem-secure.pdas.prism.eox.at|dem-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.dem-renderer_referer.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.dem-renderer_referer.tls=true"
+ - "traefik.http.routers.dem-renderer_referer.tls.certresolver=default"
+ - "traefik.http.routers.dem-renderer_referer.entrypoints=https"
+ # router for referrer based access (http)
+ - "traefik.http.routers.dem-renderer_referer-redirect.rule=Host(`dem-secure.pdas.prism.eox.at`, `a.dem-secure.pdas.prism.eox.at`, `b.dem-secure.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.dem-secure.pdas.prism.eox.at`, `e.dem-secure.pdas.prism.eox.at`, `f.dem-secure.pdas.prism.eox.at`, `g.dem-secure.pdas.prism.eox.at`, `h.dem-secure.pdas.prism.eox.at`, `dem-secure.pass.copernicus.eu`, `a.dem-secure.pass.copernicus.eu`, `b.dem-secure.pass.copernicus.eu`, `c.dem-secure.pass.copernicus.eu`, `d.dem-secure.pass.copernicus.eu`, `e.dem-secure.pass.copernicus.eu`, `f.dem-secure.pass.copernicus.eu`, `g.dem-secure.pass.copernicus.eu`, `h.dem-secure.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|dem-secure.pdas.prism.eox.at|dem-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.dem-renderer_referer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.dem-renderer_referer-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-cache.loadbalancer.sticky=false"
- "traefik.http.services.dem-cache.loadbalancer.server.port=80"
@@ -114,6 +154,16 @@ services:
- "traefik.http.routers.dem-client-redirect.rule=Host(`dem.pdas.prism.eox.at`, `dem.pass.copernicus.eu`)"
- "traefik.http.routers.dem-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.dem-client-redirect.entrypoints=http"
+ # router for basic auth based access (https)
+ - "traefik.http.routers.dem-client.rule=Host(`dem-secure.pdas.prism.eox.at`, `dem-secure.pass.copernicus.eu`)"
+ - "traefik.http.routers.dem-client.middlewares=shibAuth@file,compress@file"
+ - "traefik.http.routers.dem-client.tls=true"
+ - "traefik.http.routers.dem-client.tls.certresolver=default"
+ - "traefik.http.routers.dem-client.entrypoints=https"
+ # router for basic auth based access (http)
+ - "traefik.http.routers.dem-client-redirect.rule=Host(`dem-secure.pdas.prism.eox.at`, `dem-secure.pass.copernicus.eu`)"
+ - "traefik.http.routers.dem-client-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.dem-client-redirect.entrypoints=http"
# general
- "traefik.http.services.dem-client.loadbalancer.sticky=false"
- "traefik.http.services.dem-client.loadbalancer.server.port=80"
diff --git a/docker-compose.emg.ops.yml b/docker-compose.emg.ops.yml
index 46852d3f..5d00a095 100644
--- a/docker-compose.emg.ops.yml
+++ b/docker-compose.emg.ops.yml
@@ -32,6 +32,26 @@ services:
- "traefik.http.routers.emg-renderer_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-renderer_referer-redirect.entrypoints=http"
+ # router for shibboleth based auth based access (https)
+ - "traefik.http.routers.emg-renderer.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.emg-secure.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.emg-renderer.middlewares=compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.emg-renderer.tls=true"
+ - "traefik.http.routers.emg-renderer.tls.certresolver=default"
+ - "traefik.http.routers.emg-renderer.entrypoints=https"
+ # router for shibboleth shibboleth auth based access (http)
+ - "traefik.http.routers.emg-renderer-redirect.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.emg-secure.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.emg-renderer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.emg-renderer-redirect.entrypoints=http"
+ # router for referrer shibboleth based access (https)
+ - "traefik.http.routers.emg-renderer_referer.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.emg-secure.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg-secure.pdas.prism.eox.at|emg-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.emg-renderer_referer.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.emg-renderer_referer.tls=true"
+ - "traefik.http.routers.emg-renderer_referer.tls.certresolver=default"
+ - "traefik.http.routers.emg-renderer_referer.entrypoints=https"
+ # router for referrer based access (http)
+ - "traefik.http.routers.emg-renderer_referer-redirect.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `emg-secure.pass.copernicus.eu`, `a.emg-secure.pass.copernicus.eu`, `b.emg-secure.pass.copernicus.eu`, `c.emg-secure.pass.copernicus.eu`, `d.emg-secure.pass.copernicus.eu`, `e.emg-secure.pass.copernicus.eu`, `f.emg-secure.pass.copernicus.eu`, `g.emg-secure.pass.copernicus.eu`, `h.emg-secure.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg-secure.pdas.prism.eox.at|emg-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.emg-renderer_referer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.emg-renderer_referer-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-renderer.loadbalancer.sticky=false"
- "traefik.http.services.emg-renderer.loadbalancer.server.port=80"
@@ -74,6 +94,26 @@ services:
- "traefik.http.routers.emg-cache_referer-redirect.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`, `a.emg.pass.copernicus.eu`, `b.emg.pass.copernicus.eu`, `c.emg.pass.copernicus.eu`, `d.emg.pass.copernicus.eu`, `e.emg.pass.copernicus.eu`, `f.emg.pass.copernicus.eu`, `g.emg.pass.copernicus.eu`, `h.emg.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg.pdas.prism.eox.at|emg.pass.copernicus.eu)/?`)"
- "traefik.http.routers.emg-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-cache_referer-redirect.entrypoints=http"
+ # router for shibboleth based auth based access (https)
+ - "traefik.http.routers.emg-renderer.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.emg-secure.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.emg-renderer.middlewares=compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.emg-renderer.tls=true"
+ - "traefik.http.routers.emg-renderer.tls.certresolver=default"
+ - "traefik.http.routers.emg-renderer.entrypoints=https"
+ # router for shibboleth shibboleth auth based access (http)
+ - "traefik.http.routers.emg-renderer-redirect.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.emg-secure.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.emg-renderer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.emg-renderer-redirect.entrypoints=http"
+ # router for referrer shibboleth based access (https)
+ - "traefik.http.routers.emg-renderer_referer.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.emg-secure.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg-secure.pdas.prism.eox.at|emg-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.emg-renderer_referer.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.emg-renderer_referer.tls=true"
+ - "traefik.http.routers.emg-renderer_referer.tls.certresolver=default"
+ - "traefik.http.routers.emg-renderer_referer.entrypoints=https"
+ # router for referrer based access (http)
+ - "traefik.http.routers.emg-renderer_referer-redirect.rule=Host(`emg-secure.pdas.prism.eox.at`, `a.emg-secure.pdas.prism.eox.at`, `b.emg-secure.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.emg-secure.pdas.prism.eox.at`, `e.emg-secure.pdas.prism.eox.at`, `f.emg-secure.pdas.prism.eox.at`, `g.emg-secure.pdas.prism.eox.at`, `h.emg-secure.pdas.prism.eox.at`, `emg-secure.pass.copernicus.eu`, `a.emg-secure.pass.copernicus.eu`, `b.emg-secure.pass.copernicus.eu`, `c.emg-secure.pass.copernicus.eu`, `d.emg-secure.pass.copernicus.eu`, `e.emg-secure.pass.copernicus.eu`, `f.emg-secure.pass.copernicus.eu`, `g.emg-secure.pass.copernicus.eu`, `h.emg-secure.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|emg-secure.pdas.prism.eox.at|emg-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.emg-renderer_referer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.emg-renderer_referer-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-cache.loadbalancer.sticky=false"
- "traefik.http.services.emg-cache.loadbalancer.server.port=80"
@@ -114,6 +154,16 @@ services:
- "traefik.http.routers.emg-client-redirect.rule=Host(`emg.pdas.prism.eox.at`, `emg.pass.copernicus.eu`)"
- "traefik.http.routers.emg-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.emg-client-redirect.entrypoints=http"
+ # router for basic auth based access (https)
+ - "traefik.http.routers.emg-client.rule=Host(`emg-secure.pdas.prism.eox.at`, `emg-secure.pass.copernicus.eu`)"
+ - "traefik.http.routers.emg-client.middlewares=shibAuth@file,compress@file"
+ - "traefik.http.routers.emg-client.tls=true"
+ - "traefik.http.routers.emg-client.tls.certresolver=default"
+ - "traefik.http.routers.emg-client.entrypoints=https"
+ # router for basic auth based access (http)
+ - "traefik.http.routers.emg-client-redirect.rule=Host(`emg-secure.pdas.prism.eox.at`, `emg-secure.pass.copernicus.eu`)"
+ - "traefik.http.routers.emg-client-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.emg-client-redirect.entrypoints=http"
# general
- "traefik.http.services.emg-client.loadbalancer.sticky=false"
- "traefik.http.services.emg-client.loadbalancer.server.port=80"
diff --git a/docker-compose.vhr18.ops.yml b/docker-compose.vhr18.ops.yml
index 76a5948b..ee885d69 100644
--- a/docker-compose.vhr18.ops.yml
+++ b/docker-compose.vhr18.ops.yml
@@ -33,6 +33,26 @@ services:
- "traefik.http.routers.vhr18-renderer_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-renderer_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-renderer_referer-redirect.entrypoints=http"
+ # router for shibboleth based auth based access (https)
+ - "traefik.http.routers.vhr18-renderer.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.vhr18-secure.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.vhr18-renderer.middlewares=compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.vhr18-renderer.tls=true"
+ - "traefik.http.routers.vhr18-renderer.tls.certresolver=default"
+ - "traefik.http.routers.vhr18-renderer.entrypoints=https"
+ # router for shibboleth shibboleth auth based access (http)
+ - "traefik.http.routers.vhr18-renderer-redirect.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.vhr18-secure.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.vhr18-renderer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.vhr18-renderer-redirect.entrypoints=http"
+ # router for referrer shibboleth based access (https)
+ - "traefik.http.routers.vhr18-renderer_referer.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.vhr18-secure.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18-secure.pdas.prism.eox.at|vhr18-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.vhr18-renderer_referer.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.vhr18-renderer_referer.tls=true"
+ - "traefik.http.routers.vhr18-renderer_referer.tls.certresolver=default"
+ - "traefik.http.routers.vhr18-renderer_referer.entrypoints=https"
+ # router for referrer based access (http)
+ - "traefik.http.routers.vhr18-renderer_referer-redirect.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `vhr18-secure.pass.copernicus.eu`, `a.vhr18-secure.pass.copernicus.eu`, `b.vhr18-secure.pass.copernicus.eu`, `c.vhr18-secure.pass.copernicus.eu`, `d.vhr18-secure.pass.copernicus.eu`, `e.vhr18-secure.pass.copernicus.eu`, `f.vhr18-secure.pass.copernicus.eu`, `g.vhr18-secure.pass.copernicus.eu`, `h.vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18-secure.pdas.prism.eox.at|vhr18-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.vhr18-renderer_referer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.vhr18-renderer_referer-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-renderer.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-renderer.loadbalancer.server.port=80"
@@ -74,6 +94,26 @@ services:
- "traefik.http.routers.vhr18-cache_referer-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `a.vhr18.pdas.prism.eox.at`, `b.vhr18.pdas.prism.eox.at`, `c.vhr18.pdas.prism.eox.at`, `d.vhr18.pdas.prism.eox.at`, `e.vhr18.pdas.prism.eox.at`, `f.vhr18.pdas.prism.eox.at`, `g.vhr18.pdas.prism.eox.at`, `h.vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`, `a.vhr18.pass.copernicus.eu`, `b.vhr18.pass.copernicus.eu`, `c.vhr18.pass.copernicus.eu`, `d.vhr18.pass.copernicus.eu`, `e.vhr18.pass.copernicus.eu`, `f.vhr18.pass.copernicus.eu`, `g.vhr18.pass.copernicus.eu`, `h.vhr18.pass.copernicus.eu`) && PathPrefix(`/cache`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18.pdas.prism.eox.at|vhr18.pass.copernicus.eu)/?`)"
- "traefik.http.routers.vhr18-cache_referer-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-cache_referer-redirect.entrypoints=http"
+ # router for shibboleth based auth based access (https)
+ - "traefik.http.routers.vhr18-cache-renderer.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.vhr18-secure.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.vhr18-cache-renderer.middlewares=compress@file,cors@file,shibAuth@file"
+ - "traefik.http.routers.vhr18-cache-renderer.tls=true"
+ - "traefik.http.routers.vhr18-cache-renderer.tls.certresolver=default"
+ - "traefik.http.routers.vhr18-cache-renderer.entrypoints=https"
+ # router for shibboleth shibboleth auth based access (http)
+ - "traefik.http.routers.vhr18-cache-renderer-redirect.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.vhr18-secure.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
+ - "traefik.http.routers.vhr18-cache-renderer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.vhr18-cache-renderer-redirect.entrypoints=http"
+ # router for referrer shibboleth based access (https)
+ - "traefik.http.routers.vhr18-cache-renderer_referer.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.vhr18-secure.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `dem.pass.copernicus.eu`, `a.dem.pass.copernicus.eu`, `b.dem.pass.copernicus.eu`, `c.dem.pass.copernicus.eu`, `d.dem.pass.copernicus.eu`, `e.dem.pass.copernicus.eu`, `f.dem.pass.copernicus.eu`, `g.dem.pass.copernicus.eu`, `h.dem.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18-secure.pdas.prism.eox.at|vhr18-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.vhr18-cache-renderer_referer.middlewares=compress@file,cors@file"
+ - "traefik.http.routers.vhr18-cache-renderer_referer.tls=true"
+ - "traefik.http.routers.vhr18-cache-renderer_referer.tls.certresolver=default"
+ - "traefik.http.routers.vhr18-cache-renderer_referer.entrypoints=https"
+ # router for referrer based access (http)
+ - "traefik.http.routers.vhr18-cache-renderer_referer-redirect.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `a.vhr18-secure.pdas.prism.eox.at`, `b.vhr18-secure.pdas.prism.eox.at`, `c.dem.pdas.prism.eox.at`, `d.vhr18-secure.pdas.prism.eox.at`, `e.vhr18-secure.pdas.prism.eox.at`, `f.vhr18-secure.pdas.prism.eox.at`, `g.vhr18-secure.pdas.prism.eox.at`, `h.vhr18-secure.pdas.prism.eox.at`, `vhr18-secure.pass.copernicus.eu`, `a.vhr18-secure.pass.copernicus.eu`, `b.vhr18-secure.pass.copernicus.eu`, `c.vhr18-secure.pass.copernicus.eu`, `d.vhr18-secure.pass.copernicus.eu`, `e.vhr18-secure.pass.copernicus.eu`, `f.vhr18-secure.pass.copernicus.eu`, `g.vhr18-secure.pass.copernicus.eu`, `h.vhr18-secure.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`) && HeadersRegexp(`Referer`, `(https?://)?(panda.copernicus.eu|panda.cdsv3.eu|panda-demo.ondaprism.eu|panda-demo.copernicus.eu|cdsportal-demo.copernicus.eu|ocqc-demo.copernicus.eu|vhr18-secure.pdas.prism.eox.at|vhr18-secure.pass.copernicus.eu)/?`)"
+ - "traefik.http.routers.vhr18-cache-renderer_referer-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.vhr18-cache-renderer_referer-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-cache.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-cache.loadbalancer.server.port=80"
@@ -106,7 +146,7 @@ services:
labels:
# router for basic auth based access (https)
- "traefik.http.routers.vhr18-client.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- - "traefik.http.routers.vhr18-client.middlewares=auth@file,compress@file,shibAuth@file"
+ - "traefik.http.routers.vhr18-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.vhr18-client.tls=true"
- "traefik.http.routers.vhr18-client.tls.certresolver=default"
- "traefik.http.routers.vhr18-client.entrypoints=https"
@@ -114,6 +154,16 @@ services:
- "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18.pdas.prism.eox.at`, `vhr18.pass.copernicus.eu`)"
- "traefik.http.routers.vhr18-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.vhr18-client-redirect.entrypoints=http"
+ # router for basic auth based access (https)
+ - "traefik.http.routers.vhr18-client.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `vhr18-secure.pass.copernicus.eu`)"
+ - "traefik.http.routers.vhr18-client.middlewares=shibAuth@file,compress@file"
+ - "traefik.http.routers.vhr18-client.tls=true"
+ - "traefik.http.routers.vhr18-client.tls.certresolver=default"
+ - "traefik.http.routers.vhr18-client.entrypoints=https"
+ # router for basic auth based access (http)
+ - "traefik.http.routers.vhr18-client-redirect.rule=Host(`vhr18-secure.pdas.prism.eox.at`, `vhr18-secure.pass.copernicus.eu`)"
+ - "traefik.http.routers.vhr18-client-redirect.middlewares=redirect@file"
+ - "traefik.http.routers.vhr18-client-redirect.entrypoints=http"
# general
- "traefik.http.services.vhr18-client.loadbalancer.sticky=false"
- "traefik.http.services.vhr18-client.loadbalancer.server.port=80"
--
GitLab