Support reverse proxies

Islandora-Devops · May 31, 2024 · ec80132 · ec80132
1 parent 53ece2b
commit ec80132
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 20 deletions.
diff --git a/.env b/.env
@@ -40,7 +40,17 @@ REPOSITORY=islandora.io
 TAG=local
 
 # The domain at which your production site is hosted.
-DOMAIN=islandora.dev
+# If you're using a reverse proxy, this is the reverse proxy domain name
+FRONTEND_DOMAIN=islandora.dev
+
+# The domain at which this islandora docker compose deployment is running.
+#
+# If this docker deployment is accessed directly by the WWW
+# this should be the same value as FRONTEND_DOMAIN
+#
+# If this docker deployment is a backend to a reverse proxy
+# This is the domain name your FRONTEND_DOMAIN connects to
+BACKEND_DOMAIN=islandora.dev
 
 # The email to use for admin users and Lets Encrypt.
 EMAIL=[email protected]

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -230,7 +230,7 @@ services:
         <<: [*prod, *activemq]
         labels:
             <<: [*traefik-disable, *activemq-labels]
-            traefik.http.routers.activemq_http.rule: &traefik-host-activemq-prod Host(`activemq.${DOMAIN}`)
+            traefik.http.routers.activemq_http.rule: &traefik-host-activemq-prod Host(`activemq.${FRONTEND_DOMAIN}`)
             traefik.http.routers.activemq_https.rule: *traefik-host-activemq-prod
             traefik.http.routers.activemq_https.tls.certresolver: *traefik-certresolver
         secrets:
@@ -259,7 +259,7 @@ services:
         <<: [*prod, *blazegraph]
         labels:
             <<: [*traefik-disable, *blazegraph-labels]
-            traefik.http.routers.blazegraph_http.rule: &traefik-host-blazegraph-prod Host(`blazegraph.${DOMAIN}`)
+            traefik.http.routers.blazegraph_http.rule: &traefik-host-blazegraph-prod Host(`blazegraph.${FRONTEND_DOMAIN}`)
             traefik.http.routers.blazegraph_https.rule: *traefik-host-blazegraph-prod
             traefik.http.routers.blazegraph_https.tls.certresolver: *traefik-certresolver
     cantaloupe-dev: &cantaloupe
@@ -289,7 +289,7 @@ services:
         <<: [*prod, *cantaloupe]
         labels:
             <<: [*cantaloupe-labels]
-            traefik.http.routers.cantaloupe_http.rule: &traefik-host-cantaloupe-prod Host(`${DOMAIN}`) && PathPrefix(`/cantaloupe`)
+            traefik.http.routers.cantaloupe_http.rule: &traefik-host-cantaloupe-prod Host(`${BACKEND_DOMAIN}`) && PathPrefix(`/cantaloupe`)
             traefik.http.routers.cantaloupe_https.rule: *traefik-host-cantaloupe-prod
             traefik.http.routers.cantaloupe_https.tls.certresolver: *traefik-certresolver
     drupal-dev: &drupal
@@ -355,14 +355,14 @@ services:
         environment:
             <<: [*drupal-environment]
             DEVELOPMENT_ENVIRONMENT: false
-            DRUPAL_DEFAULT_CANTALOUPE_URL: "https://${DOMAIN}/cantaloupe/iiif/2"
-            DRUPAL_DEFAULT_FCREPO_URL: "https://fcrepo.${DOMAIN}/fcrepo/rest/"
-            DRUPAL_DEFAULT_MATOMO_URL: "https://${DOMAIN}/matomo/"
-            DRUPAL_DEFAULT_SITE_URL: "${DOMAIN}"
-            DRUPAL_DRUSH_URI: "https://${DOMAIN}"
+            DRUPAL_DEFAULT_CANTALOUPE_URL: "https://${FRONTEND_DOMAIN}/cantaloupe/iiif/2"
+            DRUPAL_DEFAULT_FCREPO_URL: "https://fcrepo.${FRONTEND_DOMAIN}/fcrepo/rest/"
+            DRUPAL_DEFAULT_MATOMO_URL: "https://${FRONTEND_DOMAIN}/matomo/"
+            DRUPAL_DEFAULT_SITE_URL: "${FRONTEND_DOMAIN}"
+            DRUPAL_DRUSH_URI: "https://${FRONTEND_DOMAIN}"
         labels:
             <<: [*traefik-enable, *traefik-https-redirect-middleware, *traefik-drupal-labels]
-            traefik.http.routers.drupal_http.rule: &traefik-host-drupal-prod Host(`${DOMAIN}`)
+            traefik.http.routers.drupal_http.rule: &traefik-host-drupal-prod Host(`${BACKEND_DOMAIN}`)
             traefik.http.routers.drupal_https.rule: *traefik-host-drupal-prod
             traefik.http.routers.drupal_https.tls.certresolver: *traefik-certresolver
         volumes:
@@ -502,10 +502,10 @@ services:
         <<: [*prod, *fcrepo]
         environment:
             <<: [*fcrepo-environment]
-            FCREPO_ALLOW_EXTERNAL_DRUPAL: "https://${DOMAIN}/"
+            FCREPO_ALLOW_EXTERNAL_DRUPAL: "https://${FRONTEND_DOMAIN}/"
         labels:
             <<: [*fcrepo-labels]
-            traefik.http.routers.fcrepo_http.rule: &traefik-host-fcrepo-prod Host(`fcrepo.${DOMAIN}`)
+            traefik.http.routers.fcrepo_http.rule: &traefik-host-fcrepo-prod Host(`fcrepo.${FRONTEND_DOMAIN}`)
             traefik.http.routers.fcrepo_https.rule: *traefik-host-fcrepo-prod
             traefik.http.routers.fcrepo_https.tls.certresolver: *traefik-certresolver
         secrets:
@@ -547,12 +547,12 @@ services:
         <<: [*prod, *matomo]
         labels:
             <<: [*matomo-labels]
-            traefik.http.routers.matomo_http.rule: &traefik-host-matomo-prod Host(`${DOMAIN}`) && PathPrefix(`/matomo`)
+            traefik.http.routers.matomo_http.rule: &traefik-host-matomo-prod Host(`${BACKEND_DOMAIN}`) && PathPrefix(`/matomo`)
             traefik.http.routers.matomo_https.rule: *traefik-host-matomo-prod
             traefik.http.routers.matomo_https.tls.certresolver: *traefik-certresolver
         environment:
             <<: *matomo-environment
-            MATOMO_DEFAULT_HOST: "https://${DOMAIN}"
+            MATOMO_DEFAULT_HOST: "https://${FRONTEND_DOMAIN}"
         secrets:
             - source: DB_ROOT_PASSWORD
             - source: MATOMO_DB_PASSWORD
@@ -589,7 +589,7 @@ services:
         <<: [*prod, *solr]
         labels:
             <<: [*traefik-disable, *solr-labels]
-            traefik.http.routers.solr_http.rule: &traefik-host-solr-prod Host(`solr.${DOMAIN}`)
+            traefik.http.routers.solr_http.rule: &traefik-host-solr-prod Host(`solr.${FRONTEND_DOMAIN}`)
             traefik.http.routers.solr_https.rule: *traefik-host-solr-prod
             traefik.http.routers.solr_https.tls.certresolver: *traefik-certresolver
         # Ensure drupal mounts the shared volumes first.
@@ -683,11 +683,11 @@ services:
             default:
                 aliases:
                     # Allow services to connect on the same name/port as the outside.
-                    - "${DOMAIN}" # Drupal is at the root domain.
-                    - "activemq.${DOMAIN}"
-                    - "blazegraph.${DOMAIN}"
-                    - "fcrepo.${DOMAIN}"
-                    - "solr.${DOMAIN}"
+                    - "${FRONTEND_DOMAIN}" # Drupal is at the root domain.
+                    - "activemq.${FRONTEND_DOMAIN}"
+                    - "blazegraph.${FRONTEND_DOMAIN}"
+                    - "fcrepo.${FRONTEND_DOMAIN}"
+                    - "solr.${FRONTEND_DOMAIN}"
         depends_on:
             # Sometimes traefik doesn't pick up on new containers so make sure
             # they are started before traefik.