Merge pull request #197 from georchestra/add_gateway
Replace security proxy with gateway in georchestra docker
f-necas authored Jun 13, 2024
2 parents 6f014c2 + 300f7ad commit 1901c51
Showing 5 changed files with 69 additions and 53 deletions.
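--- a/.envs-rabbitmq
+++ b/.envs-rabbitmq
@@ -0,0 +1,5 @@
+# envs-rabbitmq
+RABBITMQ_USERNAME=georchestra
+RABBITMQ_PASSWORD=georchestra
+# Only apply to applications consuming rabbitmq, doesn't change the port rabbitmq server running in Docker.
+RABBITMQ_PORT=5672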
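Review bot: `RABBITMQ_PASSWORD=georchestra` equals the username and is committed in a file that both the `rabbitmq` service and its consumer load through `env_file`, so every deployment started from this repository shares the same broker credentials. The `rabbitmq` service added in docker-compose.yml shows no published ports, which keeps the broker on the compose network, but that protection disappears as soon as a port mapping is added. A comment above the pair would make the intent explicit: `# Development defaults only; set a unique RABBITMQ_PASSWORD before exposing the broker outside the compose network.`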
2 changes: 1 addition & 1 deletion config
30 changes: 16 additions & 14 deletions docker-compose.override.yml
@@ -56,13 +56,13 @@ services:
- "traefik.http.routers.static.rule=Host(`georchestra-127-0-1-1.traefik.me`)"
- "traefik.http.routers.static.priority=1"

proxy:
gateway:
labels:
- "traefik.enable=true"
- "traefik.http.routers.proxy.tls=true"
- "traefik.http.routers.proxy.priority=2"
- "traefik.http.routers.gateway.tls=true"
- "traefik.http.routers.gateway.priority=2"
- >-
traefik.http.routers.proxy.rule=Host(`georchestra-127-0-1-1.traefik.me`) && (
traefik.http.routers.gateway.rule=Host(`georchestra-127-0-1-1.traefik.me`) && (
PathPrefix(`/analytics`)
|| PathPrefix(`/datafeeder`)
|| PathPrefix(`/datahub`)
@@ -74,21 +74,22 @@ services:
|| PathPrefix(`/import`)
|| PathPrefix(`/login`)
|| PathPrefix(`/logout`)
|| PathPrefix(`/oauth2`)
|| PathPrefix(`/mapstore`)
|| PathPrefix(`/ogc-api-records`)
|| PathPrefix(`/_static`)
|| PathPrefix(`/whoami`)
|| Query(`login=`)
)
- "traefik.http.services.proxy.loadbalancer.server.port=8080"
- "traefik.http.services.gateway.loadbalancer.server.port=8080"
# CORS related. Open everything to the world.
- "traefik.http.routers.proxy.middlewares=corsheader@docker"
- "traefik.http.routers.gateway.middlewares=corsheader@docker"
- "traefik.http.middlewares.corsheader.headers.accesscontrolallowmethods=GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH"
- "traefik.http.middlewares.corsheader.headers.accesscontrolalloworiginlist=*"
- "traefik.http.middlewares.corsheader.headers.accesscontrolmaxage=1800"
- "traefik.http.middlewares.corsheader.headers.addvaryheader=true"
- "traefik.http.middlewares.corsheader.headers.accesscontrolallowcredentials=true"
- "traefik.http.routers.proxy.middlewares=corsheader@docker,static-errors-middleware@docker"
- "traefik.http.routers.gateway.middlewares=corsheader@docker,static-errors-middleware@docker"
# handle downstream errors
- "traefik.http.middlewares.static-errors-middleware.errors.status=500-599"
- "traefik.http.middlewares.static-errors-middleware.errors.service=static-docker@docker"
@@ -110,15 +111,16 @@ services:
)
- "traefik.http.routers.traefik-redirect.priority=10"
- "traefik.http.routers.traefik-redirect.middlewares=add-trailing-slash@docker"
- "traefik.http.middlewares.add-trailing-slash.redirectregex.regex=^https?://(.*)/(.+)"
- "traefik.http.middlewares.add-trailing-slash.redirectregex.replacement=https://$${1}/$${2}/"
- "traefik.http.middlewares.add-trailing-slash.redirectregex.regex=^https?://(.+)/([^?]+)(\\?.*)?"
- "traefik.http.middlewares.add-trailing-slash.redirectregex.replacement=https://$${1}/$${2}/$${3}"
- "traefik.http.middlewares.add-trailing-slash.redirectregex.permanent=false"

cas:
labels:
- "traefik.enable=true"
- "traefik.http.routers.cas.tls=true"
- "traefik.http.routers.cas.rule=Host(`georchestra-127-0-1-1.traefik.me`) && PathPrefix(`/cas`)"
# uncomment for oauth 2.0
# cas:
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.cas.tls=true"
# - "traefik.http.routers.cas.rule=Host(`georchestra-127-0-1-1.traefik.me`) && PathPrefix(`/cas`)"

smtp:
image: camptocamp/smtp-sink:latest
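Review bot: The `corsheader` middleware attached to the renamed `gateway` router pairs `accesscontrolalloworiginlist=*` with `accesscontrolallowcredentials=true`, and this router now also carries `/oauth2` alongside `/login` and `/logout`. Browsers reject credentialed cross-origin responses when the allowed origin is the wildcard, so the pair does not deliver what the "Open everything to the world" comment promises, and it would hand authenticated responses to any site if the origin were ever reflected instead. Listing the expected origin, `accesscontrolalloworiginlist=https://georchestra-127-0-1-1.traefik.me`, keeps credentialed requests working without the wildcard. Separately, `traefik.http.routers.gateway.middlewares` is set twice in this label list; the first, shorter entry looks redundant and could be dropped.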
83 changes: 46 additions & 37 deletions docker-compose.yml
@@ -14,6 +14,7 @@ volumes:
datafeeder_postgis_data:
esdata:
georchestra_datadir:
rabbitmq_data:

secrets:
slapd_password:
@@ -79,53 +80,43 @@ services:
- ldap_config:/etc/ldap
restart: always

proxy:
image: georchestra/security-proxy:latest
healthcheck:
test: ["CMD-SHELL", "curl -s -f http://localhost:8080/_static/bootstrap_3.0.0/css/bootstrap-theme.min.css >/dev/null || exit 1"]
interval: 30s
timeout: 10s
retries: 10
gateway:
image: georchestra/gateway:latest
depends_on:
ldap:
condition: service_healthy
database:
condition: service_healthy
- database
volumes:
- georchestra_datadir:/etc/georchestra
environment:
- JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
- XMS=256M
- XMX=1G
- JAVA_TOOL_OPTIONS=-Dgeorchestra.datadir=/etc/georchestra
env_file:
- .envs-common
- .envs-ldap
- .envs-hosts
- .envs-database-georchestra
restart: always

cas:
image: georchestra/cas:latest
healthcheck:
test: ["CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1"]
interval: 30s
timeout: 10s
retries: 10
depends_on:
ldap:
condition: service_healthy
volumes:
- georchestra_datadir:/etc/georchestra
environment:
- JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
- XMS=256M
- XMX=1G
env_file:
- .envs-common
- .envs-ldap
- .envs-database-georchestra
restart: always

# uncomment for oauth 2.0
# cas:
# image: georchestra/cas:latest
# healthcheck:
# test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1" ]
# interval: 30s
# timeout: 10s
# retries: 10
# depends_on:
# ldap:
# condition: service_healthy
# volumes:
# - georchestra_datadir:/etc/georchestra
# environment:
# - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF
# - XMS=256M
# - XMX=1G
# env_file:
# - .envs-common
# - .envs-ldap
# - .envs-database-georchestra
# restart: always

header:
image: georchestra/header:latest
healthcheck:
@@ -186,6 +177,8 @@ services:
condition: service_healthy
database:
condition: service_healthy
rabbitmq:
condition: service_healthy
volumes:
- georchestra_datadir:/etc/georchestra
environment:
@@ -195,6 +188,7 @@ services:
env_file:
- .envs-common
- .envs-ldap
- .envs-rabbitmq
- .envs-database-georchestra
- .envs-hosts
restart: always
@@ -401,5 +395,20 @@ services:
volumes:
- georchestra_datadir:/etc/georchestra
restart: always

rabbitmq:
image: docker.io/bitnami/rabbitmq:3.12
healthcheck:
test: rabbitmq-diagnostics -q ping && rabbitmq-diagnostics -q check_local_alarms
interval: 60s
timeout: 30s
retries: 3
env_file:
- .envs-rabbitmq
environment:
- RABBITMQ_LOGS=-
volumes:
- 'rabbitmq_data:/bitnami/rabbitmq/mnesia'
restart: always
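Review bot: As rendered, the new `gateway` service has no `healthcheck` and its `depends_on` is the short form `- database`, so Compose starts it once the database container exists rather than once it is healthy, and nothing reports readiness for the component that now receives the `/login`, `/logout` and `/oauth2` routes. The removed `proxy` service waited on both `ldap` and `database` with `condition: service_healthy`; keeping that form (`database:` followed by `condition: service_healthy`, plus `ldap` if the gateway binds to it at startup) preserves the ordering. A healthcheck needs an endpoint the gateway image actually serves, which this page does not show, so that part is best handled as a follow-up. The page has lost its +/- markers, so the old/new split described here is inferred from the hunk counts.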


2 changes: 1 addition & 1 deletion resources/static
Submodule static updated 1 files
+1 −1 errors/50x.html
