From 5b5c8db0e26c346f82dff04f7690597605266f47 Mon Sep 17 00:00:00 2001
From: Lubomir Dolezal <lubomir.bucek@eox.at>
Date: Thu, 20 Jan 2022 14:03:00 +0100
Subject: [PATCH] add optional terrain server to compose template

---
 .../templates/docker-compose.instance.yml     | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/vs_starter/templates/docker-compose.instance.yml b/vs_starter/templates/docker-compose.instance.yml
index 4e21bbe..d5d65c2 100644
--- a/vs_starter/templates/docker-compose.instance.yml
+++ b/vs_starter/templates/docker-compose.instance.yml
@@ -305,6 +305,48 @@ services:
         target: /etc/shibboleth/shibd.logger
       - source: native-logger
         target: /etc/shibboleth/native.logger
+{%- if terrain_server_enabled %}
+  terrain:
+    image: geodata/cesium-terrain-server
+    volumes:
+      - type: bind
+        source: ../../mount2/
+        target: /data/tilesets/terrain
+    command:
+      ["cesium-terrain-server", "-dir", "/data/tilesets/terrain", "-port", "80"]
+    deploy:
+      placement:
+        constraints: [node.role == manager]
+      labels:
+        - "traefik.http.routers.{{slug}}-terrain-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/tilesets/terrain-mesh`)"
+        - "traefik.http.middlewares.{{slug}}-terrain-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
+        - "traefik.http.routers.{{slug}}-terrain-shib.middlewares={{slug}}-terrain-shib-fa,compress@file,cors@file"
+        - "traefik.http.routers.{{slug}}-terrain-shib.tls=true"
+        - "traefik.http.routers.{{slug}}-terrain-shib.tls.certresolver=default"
+        - "traefik.http.routers.{{slug}}-terrain-shib.entrypoints=https"
+        # router for shib auth based access (http)
+        - "traefik.http.routers.{{slug}}-terrain-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/tilesets/terrain-mesh`)"
+        - "traefik.http.routers.{{slug}}-terrain-redirect-shib.middlewares=redirect@file"
+        - "traefik.http.routers.{{slug}}-terrain-redirect-shib.entrypoints=http"
+        # router for basic auth based access (https)
+        - "traefik.http.routers.{{slug}}-terrain.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/tilesets/terrain-mesh`)"
+        - "traefik.http.routers.{{slug}}-terrain.middlewares=auth@file,compress@file,cors@file"
+        - "traefik.http.routers.{{slug}}-terrain.tls=true"
+        - "traefik.http.routers.{{slug}}-terrain.tls.certresolver=default"
+        - "traefik.http.routers.{{slug}}-terrain.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.{{slug}}-terrain-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/tilesets/terrain-mesh`)"
+        - "traefik.http.routers.{{slug}}-terrain-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.{{slug}}-terrain-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.{{slug}}-terrain.loadbalancer.sticky=false"
+        - "traefik.http.services.{{slug}}-terrain.loadbalancer.server.port=80"
+        - "traefik.docker.network={{slug}}-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+    networks:
+      - extnet
+{%- endif %}
 networks:
   extnet:
     name: {{slug}}-extnet
-- 
GitLab