Newer
Older
version: "3.8"
{%- if environment != "dev" %}
database:
volumes:
- type: tmpfs
target: /dev/shm
tmpfs:
size: 536870912
renderer:
image: registry.gitlab.eox.at/vs/core:{{ docker_image_versions['registry.gitlab.eox.at/vs/core'] }}
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.{{slug}}-renderer-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
- "traefik.http.middlewares.{{slug}}-renderer-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
- "traefik.http.routers.{{slug}}-renderer-shib.middlewares={{slug}}-renderer-shib-fa,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-renderer-shib.tls=true"
- "traefik.http.routers.{{slug}}-renderer-shib.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-renderer-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.{{slug}}-renderer-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-renderer-redirect-shib.entrypoints=http"
# router for internal proxy based access with checking header (https)
{%- if environment == "ops" %}
- "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=172.30.78.20"
{%- else %}
- "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=178.248.89.10,178.248.89.19"
{%- endif %}
- "traefik.http.middlewares.{{slug}}-renderer-proxy-fa.forwardauth.address=http://shibauth-{{slug}}/proxy-renderer"
- "traefik.http.routers.{{slug}}-renderer-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`) && (HeadersRegexp(`Oa-User-Category`, `[a-zA-Z]+`) || HeadersRegexp(`Oa-User-Category-Collection-Groups`, `[a-zA-Z]+`))"
- "traefik.http.routers.{{slug}}-renderer-proxy.middlewares={{slug}}-pass-wl,{{slug}}-renderer-proxy-fa,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-renderer-proxy.tls=true"
- "traefik.http.routers.{{slug}}-renderer-proxy.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-renderer-proxy.entrypoints=https"
# router for internal proxy based access with checking header (http)
- "traefik.http.routers.{{slug}}-renderer-redirect-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer-redirect-proxy.middlewares={{slug}}-pass-wl,redirect@file"
- "traefik.http.routers.{{slug}}-renderer-redirect-proxy.entrypoints=http"
# router for internal proxy based access without checking header (https)
{%- if environment == "ops" %}
- "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,10.30.72.35"
{%- else %}
- "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,178.248.89.10,178.248.89.19"
{%- endif %}
- "traefik.http.routers.{{slug}}-renderer-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer-proxy-noheader.middlewares={{slug}}-pass-wl-noheader,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-renderer-proxy-noheader.tls=true"
- "traefik.http.routers.{{slug}}-renderer-proxy-noheader.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-renderer-proxy-noheader.entrypoints=https"
# router for internal proxy based access without checking header (http)
- "traefik.http.routers.{{slug}}-renderer-redirect-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer-redirect-proxy-noheader.middlewares={{slug}}-pass-wl-noheader,redirect@file"
- "traefik.http.routers.{{slug}}-renderer-redirect-proxy-noheader.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.{{slug}}-renderer.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-renderer.tls=true"
- "traefik.http.routers.{{slug}}-renderer.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-renderer.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.{{slug}}-renderer-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer-redirect.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-renderer-redirect.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-renderer.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-renderer.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
{%- if environment == "ops" %}
{%- endif %}
{%- if environment == "ops" %}
placement:
constraints:
- node.labels.type == external
{%- endif %}
image: registry.gitlab.eox.at/vs/cache:{{ docker_image_versions['registry.gitlab.eox.at/vs/cache'] }}
deploy:
labels:
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
# router for shib auth based access (https)
- "traefik.http.routers.{{slug}}-cache-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.middlewares.{{slug}}-cache-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
- "traefik.http.middlewares.{{slug}}-cache-shib-chain.chain.middlewares={{slug}}-cache-shib-fa,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-cache-shib.middlewares={{slug}}-cache-shib-chain"
- "traefik.http.routers.{{slug}}-cache-shib.tls=true"
- "traefik.http.routers.{{slug}}-cache-shib.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-cache-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.{{slug}}-cache-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-cache-redirect-shib.entrypoints=http"
# router for internal proxy based access with checking header (https)
{%- if environment == "ops" %}
- "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=172.30.78.20"
{%- else %}
- "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=178.248.89.10,178.248.89.19"
{%- endif %}
- "traefik.http.routers.{{slug}}-cache-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`) && (HeadersRegexp(`Oa-User-Category`, `[a-zA-Z]+`) || HeadersRegexp(`Oa-User-Category-Collection-Groups`, `[a-zA-Z]+`))"
- "traefik.http.middlewares.{{slug}}-cache-proxy-fa.forwardauth.address=http://shibauth-{{slug}}/proxy-cache"
- "traefik.http.routers.{{slug}}-cache-proxy.middlewares={{slug}}-cache-proxy-chain"
- "traefik.http.middlewares.{{slug}}-cache-proxy-chain.chain.middlewares={{slug}}-pass-wl,{{slug}}-cache-proxy-fa,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-cache-proxy.tls=true"
- "traefik.http.routers.{{slug}}-cache-proxy.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-cache-proxy.entrypoints=https"
# router for internal proxy based access with checking header (http)
- "traefik.http.routers.{{slug}}-cache-redirect-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache-redirect-proxy.middlewares={{slug}}-pass-wl,redirect@file"
- "traefik.http.routers.{{slug}}-cache-redirect-proxy.entrypoints=http"
# router for internal proxy based access without checking header (https)
{%- if environment == "ops" %}
- "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,10.30.72.35"
{%- else %}
- "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,178.248.89.10,178.248.89.19"
{%- endif %}
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
- "traefik.http.routers.{{slug}}-cache-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache-proxy-noheader.middlewares={{slug}}-cache-proxy-chain-noheader"
- "traefik.http.middlewares.{{slug}}-cache-proxy-chain-noheader.chain.middlewares={{slug}}-pass-wl-noheader,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-cache-proxy-noheader.tls=true"
- "traefik.http.routers.{{slug}}-cache-proxy-noheader.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-cache-proxy-noheader.entrypoints=https"
# router for internal proxy based access without checking header (http)
- "traefik.http.routers.{{slug}}-cache-redirect-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache-redirect-proxy-noheader.middlewares={{slug}}-pass-wl-noheader,redirect@file"
- "traefik.http.routers.{{slug}}-cache-redirect-proxy-noheader.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.{{slug}}-cache.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-cache.tls=true"
- "traefik.http.routers.{{slug}}-cache.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-cache.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.{{slug}}-cache-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache-redirect.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-cache-redirect.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-cache.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-cache.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
{%- if environment == "ops" %}
{%- endif %}
{%- if environment == "ops" %}
placement:
constraints:
- node.labels.type == external
{%- endif %}
image: registry.gitlab.eox.at/vs/core:{{ docker_image_versions['registry.gitlab.eox.at/vs/core'] }}
environment:
INSTALL_DIR: "/var/www/pvs/ops/"
INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
ingestor:
image: registry.gitlab.eox.at/vs/ingestor:{{ docker_image_versions['registry.gitlab.eox.at/vs/ingestor'] }}
environment:
REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
INOTIFY_MASKS: "IN_MOVED_TO"
deploy:
placement:
constraints: [node.role == manager]
sftp:
image: registry.gitlab.eox.at/esa/prism/sftp:release-1.0.0
deploy:
placement:
constraints: [node.role == manager]
configs:
- source: sftp_ssh_host_rsa_key
target: /etc/ssh/ssh_host_rsa_key
mode: 0600
- source: sftp_ssh_host_ed25519_key
target: /etc/ssh/ssh_host_ed25519_key
mode: 0600
client:
image: registry.gitlab.eox.at/vs/client:{{ docker_image_versions['registry.gitlab.eox.at/vs/client'] }}
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
target: /usr/share/nginx/html/index.html
deploy:
labels:
# router for shib auth based access (https)
- "traefik.http.routers.{{slug}}-client-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`)"
- "traefik.http.middlewares.{{slug}}-client-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
- "traefik.http.routers.{{slug}}-client-shib.middlewares={{slug}}-client-shib-fa,compress@file"
- "traefik.http.routers.{{slug}}-client-shib.tls=true"
- "traefik.http.routers.{{slug}}-client-shib.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-client-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.{{slug}}-client-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`)"
- "traefik.http.routers.{{slug}}-client-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-client-redirect-shib.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.{{slug}}-client.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`)"
- "traefik.http.routers.{{slug}}-client.middlewares=auth@file,compress@file"
- "traefik.http.routers.{{slug}}-client.tls=true"
- "traefik.http.routers.{{slug}}-client.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-client.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.{{slug}}-client-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`)"
- "traefik.http.routers.{{slug}}-client-redirect.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-client-redirect.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-client.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-client.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
{%- if environment == "ops" %}
placement:
constraints:
- node.labels.type == external
{%- endif %}
image: registry.gitlab.eox.at/vs/preprocessor:{{ docker_image_versions['registry.gitlab.eox.at/vs/preprocessor'] }}
volumes:
- type: bind
source: /var/vhr
target: /tmp
{%- if environment == "ops" %}
placement:
constraints:
- node.labels.type == internal
{%- endif %}
image: registry.gitlab.eox.at/esa/prism/shibauth:release-1.0.1
environment:
APACHE_SERVERNAME: "https://sso.{{slug}}.pass.copernicus.eu:443"
USER_CATEGORY_ALLOW_RENDERER: "{{shibauth_renderer}}"
USER_CATEGORY_ALLOW_CACHE: "{{shibauth_cache}}"
SPEntityID: "https://{{slug}}.pass.copernicus.eu/shibboleth"
{%- if environment == "ops" %}
IDPEntityID: "https://ssoidp.copernicus.eu:443/shibboleth"
{%- else %}
IDPEntityID: "https://umssoidp.cdsv3.eu:443/shibboleth"
{%- endif %}
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
secrets:
- source: EMG_SHIB_CERT
target: SHIB_CERT
- source: EMG_SHIB_KEY
target: SHIB_KEY
deploy:
replicas: 1
placement:
constraints: [node.role == manager]
labels:
# router for basic auth based access (https)
- "traefik.http.routers.{{slug}}-shibauth.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/Shibboleth.sso`)"
- "traefik.http.routers.{{slug}}-shibauth.middlewares=compress@file,cors@file"
- "traefik.http.routers.{{slug}}-shibauth.tls=true"
- "traefik.http.routers.{{slug}}-shibauth.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-shibauth.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.{{slug}}-shibauth-redirect.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/Shibboleth.sso`)"
- "traefik.http.routers.{{slug}}-shibauth-redirect.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-shibauth-redirect.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-shibauth.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-shibauth.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
configs:
- source: shib-apache
target: /etc/httpd/conf.d/shib.conf
- source: shib-attribute-map
target: /etc/shibboleth/attribute-map.xml
- source: idp-metadata
target: /etc/shibboleth/idp-metadata.xml
- source: shibd-logger
target: /etc/shibboleth/shibd.logger
- source: native-logger
target: /etc/shibboleth/native.logger
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
terrain:
image: geodata/cesium-terrain-server
volumes:
- type: bind
source: ../../mount2/
target: /data/tilesets/terrain
command:
["cesium-terrain-server", "-dir", "/data/tilesets/terrain", "-port", "80"]
deploy:
placement:
constraints: [node.role == manager]
labels:
- "traefik.http.routers.{{slug}}-terrain-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/tilesets/terrain-mesh`)"
- "traefik.http.middlewares.{{slug}}-terrain-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
- "traefik.http.routers.{{slug}}-terrain-shib.middlewares={{slug}}-terrain-shib-fa,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-terrain-shib.tls=true"
- "traefik.http.routers.{{slug}}-terrain-shib.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-terrain-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.{{slug}}-terrain-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/tilesets/terrain-mesh`)"
- "traefik.http.routers.{{slug}}-terrain-redirect-shib.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-terrain-redirect-shib.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.{{slug}}-terrain.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/tilesets/terrain-mesh`)"
- "traefik.http.routers.{{slug}}-terrain.middlewares=auth@file,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-terrain.tls=true"
- "traefik.http.routers.{{slug}}-terrain.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-terrain.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.{{slug}}-terrain-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/tilesets/terrain-mesh`)"
- "traefik.http.routers.{{slug}}-terrain-redirect.middlewares=redirect@file"
- "traefik.http.routers.{{slug}}-terrain-redirect.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-terrain.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-terrain.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
image: registry.gitlab.eox.at/esa/prism/dem-app:latest
- "traefik.http.middlewares.dem-app-stripprefix.stripprefix.prefixes=/dem-app"
# router for shib auth based access (https)
- "traefik.http.routers.{{slug}}-dem-app-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/dem-app`)"
- "traefik.http.middlewares.{{slug}}-dem-app-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
- "traefik.http.routers.{{slug}}-dem-app-shib.middlewares=dem-app-stripprefix,{{slug}}-dem-app-shib-fa,compress@file"
- "traefik.http.routers.{{slug}}-dem-app-shib.tls=true"
- "traefik.http.routers.{{slug}}-dem-app-shib.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-dem-app-shib.entrypoints=https"
# router for shib auth based access (http)
- "traefik.http.routers.{{slug}}-dem-app-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/dem-app`)"
- "traefik.http.routers.{{slug}}-dem-app-redirect-shib.middlewares=dem-app-stripprefix,redirect@file"
- "traefik.http.routers.{{slug}}-dem-app-redirect-shib.entrypoints=http"
# router for basic auth based access (https)
- "traefik.http.routers.{{slug}}-dem-app.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/dem-app`)"
- "traefik.http.routers.{{slug}}-dem-app.middlewares=dem-app-stripprefix,auth@file,compress@file"
- "traefik.http.routers.{{slug}}-dem-app.tls=true"
- "traefik.http.routers.{{slug}}-dem-app.tls.certresolver=default"
- "traefik.http.routers.{{slug}}-dem-app.entrypoints=https"
# router for basic auth based access (http)
- "traefik.http.routers.{{slug}}-dem-app-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/dem-app`)"
- "traefik.http.routers.{{slug}}-dem-app-redirect.middlewares=dem-app-stripprefix,redirect@file"
- "traefik.http.routers.{{slug}}-dem-app-redirect.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-dem-app.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-dem-app.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
placement:
constraints:
- node.labels.type == external
networks:
- extnet
networks:
extnet:
name: {{slug}}-extnet
external: true
configs:
shib-apache:
idp-metadata:
external: true
sftp_ssh_host_rsa_key:
external: true
sftp_ssh_host_ed25519_key:
external: true
secrets:
EMG_SHIB_CERT:
external: true
EMG_SHIB_KEY:
external: true
{%- else %} {# environment is dev #}
database:
networks:
- extnet
sftp:
image: registry.gitlab.eox.at/esa/prism/sftp:release-1.0.0
image: registry.gitlab.eox.at/vs/ingestor:dev
environment:
REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
fluentd:
image: registry.gitlab.eox.at/esa/prism/fluentd:release-1.0.0
image: registry.gitlab.eox.at/vs/client:dev
volumes:
- type: bind
source: ./config/index.html
target: /index.html
deploy:
labels:
# router for basic access (http)
- "traefik.http.routers.{{slug}}-client.rule=Host(`{{slug}}.localhost`)"
- "traefik.http.routers.{{slug}}-client.middlewares=compress@file"
- "traefik.http.routers.{{slug}}-client.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-client.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-client.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
image: registry.gitlab.eox.at/vs/core:dev
environment:
DEV: "true"
deploy:
labels:
# router for basic access (http)
- "traefik.http.routers.{{slug}}-renderer.rule=Host(`{{slug}}.localhost`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
- "traefik.http.routers.{{slug}}-renderer.middlewares=compress@file,cors@file"
- "traefik.http.routers.{{slug}}-renderer.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-renderer.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-renderer.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
image: registry.gitlab.eox.at/vs/core:dev
environment:
DEV: "true"
image: registry.gitlab.eox.at/vs/cache:dev
deploy:
labels:
# router for basic access (http)
- "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
- "traefik.http.routers.{{slug}}-cache.rule=Host(`{{slug}}.localhost`) && PathPrefix(`/cache`)"
- "traefik.http.routers.{{slug}}-cache.middlewares=cache-stripprefix,compress@file,cors@file"
- "traefik.http.routers.{{slug}}-cache.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-cache.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-cache.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
preprocessor:
image: registry.gitlab.eox.at/vs/preprocessor:dev
environment:
DEBUG: "true"
volumes:
- type: tmpfs
target: /tmp
reverse-proxy:
image: traefik:2.4
ports:
- target: 80
published: 80
protocol: tcp
mode: host
volumes:
# point to configs/base when rendered
- /var/run/docker.sock:/var/run/docker.sock
- ../base/traefik.yml:/etc/traefik/traefik.yml
- ../base/traefik-dynamic.yml:/etc/traefik/traefik-dynamic.yml
networks:
- extnet
{%- if slug in ["dem", "demF"] %}
dem-app:
image: registry.gitlab.eox.at/esa/prism/dem-app:dev
deploy:
labels:
# router for basic access (http)
- "traefik.http.middlewares.dem-app-stripprefix.stripprefix.prefixes=/dem-app"
- "traefik.http.routers.{{slug}}-dem-app.rule=Host(`{{slug}}.localhost`) && PathPrefix(`/dem-app`)"
- "traefik.http.routers.{{slug}}-dem-app.middlewares=dem-app-stripprefix,compress@file"
- "traefik.http.routers.{{slug}}-dem-app.entrypoints=http"
# general
- "traefik.http.services.{{slug}}-dem-app.loadbalancer.sticky=false"
- "traefik.http.services.{{slug}}-dem-app.loadbalancer.server.port=80"
- "traefik.docker.network={{slug}}-extnet"
- "traefik.docker.lbswarm=true"
- "traefik.enable=true"
networks:
- extnet
{%- endif %}
networks:
extnet:
name: {{slug}}-extnet
{%- endif %}