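# Jinja2 template for a Compose v3.8 / Swarm stack file with Traefik v2 labels.
# The "environment" variable selects the branch: any value other than "dev"
# renders the deployed stack (shib, proxy and basic-auth routers over TLS);
# "dev" renders a local stack served over plain HTTP with no auth middleware.
# Presumably layered over a base compose file (database defines no image
# here) - confirm against the deployment tooling.
version: "3.8"
services:
{%- if environment != "dev" %}
  database:
    volumes:
      - type: tmpfs
        target: /dev/shm
        tmpfs:
          size: 536870912
  renderer:
    image: registry.gitlab.eox.at/vs/core:{{ docker_image_versions['registry.gitlab.eox.at/vs/core'] }}
    environment:
      INSTALL_DIR: "/var/www/pvs/ops/"
      INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
    deploy:
      labels:
        # router for shib auth based access (https)
        - "traefik.http.routers.{{slug}}-renderer-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
        - "traefik.http.middlewares.{{slug}}-renderer-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
        - "traefik.http.routers.{{slug}}-renderer-shib.middlewares={{slug}}-renderer-shib-fa,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-renderer-shib.tls=true"
        - "traefik.http.routers.{{slug}}-renderer-shib.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-renderer-shib.entrypoints=https"
        # router for shib auth based access (http)
        - "traefik.http.routers.{{slug}}-renderer-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer-redirect-shib.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-renderer-redirect-shib.entrypoints=http"
        # router for internal proxy based access with checking header (https)
        # NOTE(review): ipwhitelist matches the peer address Traefik sees and no
        # ipstrategy is set here, so the allowlist is only meaningful if the
        # real client address reaches Traefik unchanged - verify.
        # The HeadersRegexp match only requires the header to contain a letter;
        # the headers are caller-supplied, so they can be trusted only for peers
        # on the allowlist. Authorisation is presumably decided by the
        # forwardauth endpoint.
        {%- if environment == "ops" %}
        - "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=172.30.78.20"
        {%- else %}
        - "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=178.248.89.10,178.248.89.19"
        {%- endif %}
        - "traefik.http.middlewares.{{slug}}-renderer-proxy-fa.forwardauth.address=http://shibauth-{{slug}}/proxy-renderer"
        - "traefik.http.routers.{{slug}}-renderer-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`) && (HeadersRegexp(`Oa-User-Category`, `[a-zA-Z]+`) || HeadersRegexp(`Oa-User-Category-Collection-Groups`, `[a-zA-Z]+`))"
        - "traefik.http.routers.{{slug}}-renderer-proxy.middlewares={{slug}}-pass-wl,{{slug}}-renderer-proxy-fa,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-renderer-proxy.tls=true"
        - "traefik.http.routers.{{slug}}-renderer-proxy.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-renderer-proxy.entrypoints=https"
        # router for internal proxy based access with checking header (http)
        - "traefik.http.routers.{{slug}}-renderer-redirect-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer-redirect-proxy.middlewares={{slug}}-pass-wl,redirect@file"
        - "traefik.http.routers.{{slug}}-renderer-redirect-proxy.entrypoints=http"
        # router for internal proxy based access without checking header (https)
        # NOTE(review): this router attaches no forwardauth middleware, so the
        # source-IP allowlist is its only access control. It shares Host and
        # PathPrefix with the header-checking router above; a request carrying
        # neither Oa-User-Category header is presumably served by this one.
        # In the non-ops branch 178.248.89.10 and 178.248.89.19 are on both
        # allowlists, so those peers can reach the backend without forwardauth
        # by omitting the header - confirm that is intended.
        {%- if environment == "ops" %}
        - "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,10.30.72.35"
        {%- else %}
        - "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,178.248.89.10,178.248.89.19"
        {%- endif %}
        - "traefik.http.routers.{{slug}}-renderer-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer-proxy-noheader.middlewares={{slug}}-pass-wl-noheader,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-renderer-proxy-noheader.tls=true"
        - "traefik.http.routers.{{slug}}-renderer-proxy-noheader.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-renderer-proxy-noheader.entrypoints=https"
        # router for internal proxy based access without checking header (http)
        - "traefik.http.routers.{{slug}}-renderer-redirect-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer-redirect-proxy-noheader.middlewares={{slug}}-pass-wl-noheader,redirect@file"
        - "traefik.http.routers.{{slug}}-renderer-redirect-proxy-noheader.entrypoints=http"
        # router for basic auth based access (https)
        - "traefik.http.routers.{{slug}}-renderer.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer.middlewares=auth@file,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-renderer.tls=true"
        - "traefik.http.routers.{{slug}}-renderer.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-renderer.entrypoints=https"
        # router for basic auth based access (http)
        - "traefik.http.routers.{{slug}}-renderer-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer-redirect.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-renderer-redirect.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-renderer.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-renderer.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
      {%- if environment == "ops" %}
      replicas: 3
      {%- endif %}
      resources:
        limits:
          memory: 8G
      {%- if environment == "ops" %}
      placement:
        constraints:
          - node.labels.type == external
      {%- endif %}
    networks:
      - extnet
  cache:
    image: registry.gitlab.eox.at/vs/cache:{{ docker_image_versions['registry.gitlab.eox.at/vs/cache'] }}
    deploy:
      labels:
        - "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
        # router for shib auth based access (https)
        - "traefik.http.routers.{{slug}}-cache-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
        - "traefik.http.middlewares.{{slug}}-cache-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
        - "traefik.http.middlewares.{{slug}}-cache-shib-chain.chain.middlewares={{slug}}-cache-shib-fa,cache-stripprefix,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-cache-shib.middlewares={{slug}}-cache-shib-chain"
        - "traefik.http.routers.{{slug}}-cache-shib.tls=true"
        - "traefik.http.routers.{{slug}}-cache-shib.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-cache-shib.entrypoints=https"
        # router for shib auth based access (http)
        - "traefik.http.routers.{{slug}}-cache-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache-redirect-shib.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-cache-redirect-shib.entrypoints=http"
        # router for internal proxy based access with checking header (https)
        # The pass-wl middleware name is also defined on the renderer service;
        # keep both source ranges identical so the two definitions agree.
        {%- if environment == "ops" %}
        - "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=172.30.78.20"
        {%- else %}
        - "traefik.http.middlewares.{{slug}}-pass-wl.ipwhitelist.sourcerange=178.248.89.10,178.248.89.19"
        {%- endif %}
        - "traefik.http.routers.{{slug}}-cache-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`) && (HeadersRegexp(`Oa-User-Category`, `[a-zA-Z]+`) || HeadersRegexp(`Oa-User-Category-Collection-Groups`, `[a-zA-Z]+`))"
        - "traefik.http.middlewares.{{slug}}-cache-proxy-fa.forwardauth.address=http://shibauth-{{slug}}/proxy-cache"
        - "traefik.http.routers.{{slug}}-cache-proxy.middlewares={{slug}}-cache-proxy-chain"
        - "traefik.http.middlewares.{{slug}}-cache-proxy-chain.chain.middlewares={{slug}}-pass-wl,{{slug}}-cache-proxy-fa,cache-stripprefix,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-cache-proxy.tls=true"
        - "traefik.http.routers.{{slug}}-cache-proxy.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-cache-proxy.entrypoints=https"
        # router for internal proxy based access with checking header (http)
        - "traefik.http.routers.{{slug}}-cache-redirect-proxy.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache-redirect-proxy.middlewares={{slug}}-pass-wl,redirect@file"
        - "traefik.http.routers.{{slug}}-cache-redirect-proxy.entrypoints=http"
        # router for internal proxy based access without checking header (https)
        # NOTE(review): as on the renderer, this chain has no forwardauth
        # member; the source-IP allowlist is the only access control, and peers
        # present on both allowlists can skip forwardauth by omitting the
        # header - confirm that is intended.
        {%- if environment == "ops" %}
        - "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,10.30.72.35"
        {%- else %}
        - "traefik.http.middlewares.{{slug}}-pass-wl-noheader.ipwhitelist.sourcerange=172.30.78.8,172.30.78.11,178.248.89.10,178.248.89.19"
        {%- endif %}
        - "traefik.http.routers.{{slug}}-cache-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache-proxy-noheader.middlewares={{slug}}-cache-proxy-chain-noheader"
        - "traefik.http.middlewares.{{slug}}-cache-proxy-chain-noheader.chain.middlewares={{slug}}-pass-wl-noheader,cache-stripprefix,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-cache-proxy-noheader.tls=true"
        - "traefik.http.routers.{{slug}}-cache-proxy-noheader.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-cache-proxy-noheader.entrypoints=https"
        # router for internal proxy based access without checking header (http)
        - "traefik.http.routers.{{slug}}-cache-redirect-proxy-noheader.rule=Host(`proxy.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache-redirect-proxy-noheader.middlewares={{slug}}-pass-wl-noheader,redirect@file"
        - "traefik.http.routers.{{slug}}-cache-redirect-proxy-noheader.entrypoints=http"
        # router for basic auth based access (https)
        - "traefik.http.routers.{{slug}}-cache.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache.middlewares=auth@file,cache-stripprefix,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-cache.tls=true"
        - "traefik.http.routers.{{slug}}-cache.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-cache.entrypoints=https"
        # router for basic auth based access (http)
        - "traefik.http.routers.{{slug}}-cache-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache-redirect.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-cache-redirect.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-cache.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-cache.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
      {%- if environment == "ops" %}
      replicas: 3
      {%- endif %}
      resources:
        limits:
          memory: 8G
      {%- if environment == "ops" %}
      placement:
        constraints:
          - node.labels.type == external
      {%- endif %}
    networks:
      - extnet
  registrar:
    image: registry.gitlab.eox.at/vs/core:{{ docker_image_versions['registry.gitlab.eox.at/vs/core'] }}
    environment:
      INSTALL_DIR: "/var/www/pvs/ops/"
      INSTANCE_DIR: "/var/www/pvs/ops/pvs_instance/"
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
  ingestor:
    image: registry.gitlab.eox.at/vs/ingestor:{{ docker_image_versions['registry.gitlab.eox.at/vs/ingestor'] }}
    environment:
      REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
      INOTIFY_MASKS: "IN_MOVED_TO"
    deploy:
      placement:
        constraints: [node.role == manager]
  sftp:
    image: registry.gitlab.eox.at/esa/prism/sftp:release-1.0.0
    deploy:
      placement:
        constraints: [node.role == manager]
    # NOTE(review): the SSH host private keys are delivered as Swarm configs.
    # Configs are intended for non-sensitive data, while secrets are mounted
    # from an in-memory filesystem. Consider moving both keys to external
    # secrets; that needs the matching secrets to be created first.
    configs:
      - source: sftp_ssh_host_rsa_key
        target: /etc/ssh/ssh_host_rsa_key
        # octal mode: readable and writable by the owner only
        mode: 0600
      - source: sftp_ssh_host_ed25519_key
        target: /etc/ssh/ssh_host_ed25519_key
        # octal mode: readable and writable by the owner only
        mode: 0600
  client:
    image: registry.gitlab.eox.at/vs/client:{{ docker_image_versions['registry.gitlab.eox.at/vs/client'] }}
    # client-config is not declared in the top-level configs of this file;
    # presumably it comes from another compose file - verify.
    configs:
      - source: client-config
        target: /usr/share/nginx/html/index.html
    deploy:
      labels:
        # router for shib auth based access (https)
        - "traefik.http.routers.{{slug}}-client-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`)"
        - "traefik.http.middlewares.{{slug}}-client-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
        - "traefik.http.routers.{{slug}}-client-shib.middlewares={{slug}}-client-shib-fa,compress@file"
        - "traefik.http.routers.{{slug}}-client-shib.tls=true"
        - "traefik.http.routers.{{slug}}-client-shib.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-client-shib.entrypoints=https"
        # router for shib auth based access (http)
        - "traefik.http.routers.{{slug}}-client-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`)"
        - "traefik.http.routers.{{slug}}-client-redirect-shib.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-client-redirect-shib.entrypoints=http"
        # router for basic auth based access (https)
        - "traefik.http.routers.{{slug}}-client.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`)"
        - "traefik.http.routers.{{slug}}-client.middlewares=auth@file,compress@file"
        - "traefik.http.routers.{{slug}}-client.tls=true"
        - "traefik.http.routers.{{slug}}-client.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-client.entrypoints=https"
        # router for basic auth based access (http)
        - "traefik.http.routers.{{slug}}-client-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`)"
        - "traefik.http.routers.{{slug}}-client-redirect.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-client-redirect.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-client.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-client.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
      {%- if environment == "ops" %}
      placement:
        constraints:
          - node.labels.type == external
      {%- endif %}
    networks:
      - extnet
  preprocessor:
    image: registry.gitlab.eox.at/vs/preprocessor:{{ docker_image_versions['registry.gitlab.eox.at/vs/preprocessor'] }}
    volumes:
      - type: bind
        source: /var/vhr
        target: /tmp
    {%- if environment == "ops" %}
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.labels.type == internal
    {%- endif %}
  shibauth-{{slug}}:
    image: registry.gitlab.eox.at/esa/prism/shibauth:release-1.0.1
    environment:
      APACHE_SERVERNAME: "https://sso.{{slug}}.pass.copernicus.eu:443"
      USER_CATEGORY_ALLOW_RENDERER: "{{shibauth_renderer}}"
      USER_CATEGORY_ALLOW_CACHE: "{{shibauth_cache}}"
      SPEntityID: "https://{{slug}}.pass.copernicus.eu/shibboleth"
      {%- if environment == "ops" %}
      IDPEntityID: "https://ssoidp.copernicus.eu:443/shibboleth"
      {%- else %}
      IDPEntityID: "https://umssoidp.cdsv3.eu:443/shibboleth"
      {%- endif %}
    # the SP certificate and private key are delivered as Swarm secrets
    secrets:
      - source: EMG_SHIB_CERT
        target: SHIB_CERT
      - source: EMG_SHIB_KEY
        target: SHIB_KEY
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        # router for the /Shibboleth.sso handler path (https); no auth
        # middleware is attached to this router
        - "traefik.http.routers.{{slug}}-shibauth.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/Shibboleth.sso`)"
        - "traefik.http.routers.{{slug}}-shibauth.middlewares=compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-shibauth.tls=true"
        - "traefik.http.routers.{{slug}}-shibauth.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-shibauth.entrypoints=https"
        # router for the /Shibboleth.sso handler path (http), redirect only
        - "traefik.http.routers.{{slug}}-shibauth-redirect.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/Shibboleth.sso`)"
        - "traefik.http.routers.{{slug}}-shibauth-redirect.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-shibauth-redirect.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-shibauth.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-shibauth.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
    networks:
      - extnet
    configs:
      - source: shib-apache
        target: /etc/httpd/conf.d/shib.conf
      - source: shib-attribute-map
        target: /etc/shibboleth/attribute-map.xml
      - source: idp-metadata
        target: /etc/shibboleth/idp-metadata.xml
      - source: shibd-logger
        target: /etc/shibboleth/shibd.logger
      - source: native-logger
        target: /etc/shibboleth/native.logger
  {%- if slug in ["dem", "demF"] %}
  terrain:
    # NOTE(review): no tag and no registry prefix, so this resolves to the
    # default registry's "latest". Pin a tag or digest for the deployed stack.
    image: geodata/cesium-terrain-server
    volumes:
      - type: bind
        source: ../../mount2/
        target: /data/tilesets/terrain
    command: ["cesium-terrain-server", "-dir", "/data/tilesets/terrain", "-port", "80"]
    deploy:
      placement:
        constraints: [node.role == manager]
      labels:
        # router for shib auth based access (https)
        - "traefik.http.routers.{{slug}}-terrain-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/tilesets/terrain-mesh`)"
        - "traefik.http.middlewares.{{slug}}-terrain-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
        - "traefik.http.routers.{{slug}}-terrain-shib.middlewares={{slug}}-terrain-shib-fa,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-terrain-shib.tls=true"
        - "traefik.http.routers.{{slug}}-terrain-shib.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-terrain-shib.entrypoints=https"
        # router for shib auth based access (http)
        - "traefik.http.routers.{{slug}}-terrain-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/tilesets/terrain-mesh`)"
        - "traefik.http.routers.{{slug}}-terrain-redirect-shib.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-terrain-redirect-shib.entrypoints=http"
        # router for basic auth based access (https)
        - "traefik.http.routers.{{slug}}-terrain.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/tilesets/terrain-mesh`)"
        - "traefik.http.routers.{{slug}}-terrain.middlewares=auth@file,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-terrain.tls=true"
        - "traefik.http.routers.{{slug}}-terrain.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-terrain.entrypoints=https"
        # router for basic auth based access (http)
        - "traefik.http.routers.{{slug}}-terrain-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/tilesets/terrain-mesh`)"
        - "traefik.http.routers.{{slug}}-terrain-redirect.middlewares=redirect@file"
        - "traefik.http.routers.{{slug}}-terrain-redirect.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-terrain.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-terrain.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
    networks:
      - extnet
  dem-app:
    # NOTE(review): mutable "latest" tag in the deployed branch, while the
    # other project images use a release tag or a templated version. Pin it.
    image: registry.gitlab.eox.at/esa/prism/dem-app:latest
    deploy:
      labels:
        - "traefik.http.middlewares.dem-app-stripprefix.stripprefix.prefixes=/dem-app"
        # router for shib auth based access (https)
        - "traefik.http.routers.{{slug}}-dem-app-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/dem-app`)"
        - "traefik.http.middlewares.{{slug}}-dem-app-shib-fa.forwardauth.address=http://shibauth-{{slug}}/secure"
        - "traefik.http.routers.{{slug}}-dem-app-shib.middlewares=dem-app-stripprefix,{{slug}}-dem-app-shib-fa,compress@file"
        - "traefik.http.routers.{{slug}}-dem-app-shib.tls=true"
        - "traefik.http.routers.{{slug}}-dem-app-shib.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-dem-app-shib.entrypoints=https"
        # router for shib auth based access (http)
        # NOTE(review): stripprefix runs before redirect@file on the two
        # dem-app redirect routers, unlike the cache redirect routers. If the
        # redirect keeps the request path, the /dem-app prefix is lost on the
        # way to https. redirect@file is defined outside this file - verify.
        - "traefik.http.routers.{{slug}}-dem-app-redirect-shib.rule=Host(`sso.{{slug}}.pass.copernicus.eu`) && PathPrefix(`/dem-app`)"
        - "traefik.http.routers.{{slug}}-dem-app-redirect-shib.middlewares=dem-app-stripprefix,redirect@file"
        - "traefik.http.routers.{{slug}}-dem-app-redirect-shib.entrypoints=http"
        # router for basic auth based access (https)
        - "traefik.http.routers.{{slug}}-dem-app.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/dem-app`)"
        - "traefik.http.routers.{{slug}}-dem-app.middlewares=dem-app-stripprefix,auth@file,compress@file"
        - "traefik.http.routers.{{slug}}-dem-app.tls=true"
        - "traefik.http.routers.{{slug}}-dem-app.tls.certresolver=default"
        - "traefik.http.routers.{{slug}}-dem-app.entrypoints=https"
        # router for basic auth based access (http)
        - "traefik.http.routers.{{slug}}-dem-app-redirect.rule=Host(`{{slug}}.pass.copernicus.eu`, `{{slug}}.pdas.prism.eox.at`) && PathPrefix(`/dem-app`)"
        - "traefik.http.routers.{{slug}}-dem-app-redirect.middlewares=dem-app-stripprefix,redirect@file"
        - "traefik.http.routers.{{slug}}-dem-app-redirect.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-dem-app.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-dem-app.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
      placement:
        constraints:
          - node.labels.type == external
    networks:
      - extnet
  {%- endif %}
networks:
  extnet:
    # quoted so the rendered value is always read as a string
    name: "{{slug}}-extnet"
    external: true
configs:
  shib-apache:
    file: ../shibboleth/shib-apache.conf
  shib-attribute-map:
    file: ../shibboleth/attribute-map.xml
  native-logger:
    file: ../shibboleth/native.logger
  shibd-logger:
    file: ../shibboleth/shibd.logger
  idp-metadata:
    external: true
  # NOTE(review): private key material declared as configs; see the sftp
  # service for the suggested move to secrets.
  sftp_ssh_host_rsa_key:
    external: true
  sftp_ssh_host_ed25519_key:
    external: true
secrets:
  EMG_SHIB_CERT:
    external: true
  EMG_SHIB_KEY:
    external: true
{%- else %} {# environment is dev #}
  database:
    networks:
      - extnet
  sftp:
    image: registry.gitlab.eox.at/esa/prism/sftp:release-1.0.0
  ingestor:
    image: registry.gitlab.eox.at/vs/ingestor:dev
    environment:
      REDIS_PREPROCESS_MD_QUEUE_KEY: "preprocess_queue"
  fluentd:
    image: registry.gitlab.eox.at/esa/prism/fluentd:release-1.0.0
  client:
    image: registry.gitlab.eox.at/vs/client:dev
    volumes:
      - type: bind
        source: ./config/index.html
        target: /index.html
    networks:
      - extnet
    deploy:
      labels:
        # router for basic access (http); no auth middleware in dev
        - "traefik.http.routers.{{slug}}-client.rule=Host(`{{slug}}.localhost`)"
        - "traefik.http.routers.{{slug}}-client.middlewares=compress@file"
        - "traefik.http.routers.{{slug}}-client.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-client.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-client.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
  renderer:
    image: registry.gitlab.eox.at/vs/core:dev
    environment:
      DEV: "true"
      DEBUG: "true"
    networks:
      - extnet
    deploy:
      labels:
        # router for basic access (http); /admin is reachable without auth
        # middleware in dev
        - "traefik.http.routers.{{slug}}-renderer.rule=Host(`{{slug}}.localhost`) && PathPrefix(`/ows`, `/opensearch`, `/admin`, `/http`)"
        - "traefik.http.routers.{{slug}}-renderer.middlewares=compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-renderer.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-renderer.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-renderer.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
  registrar:
    image: registry.gitlab.eox.at/vs/core:dev
    environment:
      DEV: "true"
      DEBUG: "true"
  cache:
    image: registry.gitlab.eox.at/vs/cache:dev
    networks:
      - extnet
    deploy:
      labels:
        # router for basic access (http)
        - "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
        - "traefik.http.routers.{{slug}}-cache.rule=Host(`{{slug}}.localhost`) && PathPrefix(`/cache`)"
        - "traefik.http.routers.{{slug}}-cache.middlewares=cache-stripprefix,compress@file,cors@file"
        - "traefik.http.routers.{{slug}}-cache.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-cache.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-cache.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
  preprocessor:
    image: registry.gitlab.eox.at/vs/preprocessor:dev
    environment:
      DEBUG: "true"
    volumes:
      - type: tmpfs
        target: /tmp
  reverse-proxy:
    image: traefik:2.4
    # host-mode publish binds port 80 on the node itself; the dev routers
    # above match only the localhost host names
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
    volumes:
      # NOTE(review): the Docker socket gives this container control of the
      # Docker daemon; acceptable for a local dev stack only.
      - /var/run/docker.sock:/var/run/docker.sock
      # point to configs/base when rendered
      - ../base/traefik.yml:/etc/traefik/traefik.yml
      - ../base/traefik-dynamic.yml:/etc/traefik/traefik-dynamic.yml
    networks:
      - extnet
  {%- if slug in ["dem", "demF"] %}
  dem-app:
    image: registry.gitlab.eox.at/esa/prism/dem-app:dev
    deploy:
      labels:
        # router for basic access (http)
        - "traefik.http.middlewares.dem-app-stripprefix.stripprefix.prefixes=/dem-app"
        - "traefik.http.routers.{{slug}}-dem-app.rule=Host(`{{slug}}.localhost`) && PathPrefix(`/dem-app`)"
        - "traefik.http.routers.{{slug}}-dem-app.middlewares=dem-app-stripprefix,compress@file"
        - "traefik.http.routers.{{slug}}-dem-app.entrypoints=http"
        # general
        - "traefik.http.services.{{slug}}-dem-app.loadbalancer.sticky=false"
        - "traefik.http.services.{{slug}}-dem-app.loadbalancer.server.port=80"
        - "traefik.docker.network={{slug}}-extnet"
        - "traefik.docker.lbswarm=true"
        - "traefik.enable=true"
    networks:
      - extnet
  {%- endif %}
networks:
  extnet:
    # quoted so the rendered value is always read as a string
    name: "{{slug}}-extnet"
{%- endif %}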